Vulnerabilities related to ibm - maximo_asset_management
CVE-2013-4020 (GCVE-0-2013-4020)
Vulnerability from cvelistv5
Published
2013-10-01 10:00
Modified
2024-08-06 16:30
CWE
- n/a
Summary
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
References
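URL | Tags
---|---
http://secunia.com/advisories/55070 | third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg1IV42775 | vendor-advisory, x_refsource_AIXAPAR
http://secunia.com/advisories/55068 | third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21651085 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/85825 | vdb-entry, x_refsource_XF

Note: the structured "affected" fields in the record below are "n/a"; the affected versions are given only in the Summary text, so version matching against the structured fields alone will not find them.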
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:30:49.372Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55070" }, { "name": "IV42775", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV42775" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20134020-sec-bypass(85825)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85825" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to bypass intended access restrictions via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55070" }, { "name": "IV42775", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV42775" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20134020-sec-bypass(85825)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85825" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-4020", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to bypass intended access restrictions via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "55070", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55070" }, { "name": "IV42775", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV42775" }, { "name": "55068", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55068" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20134020-sec-bypass(85825)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85825" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-4020", "datePublished": "2013-10-01T10:00:00", "dateReserved": "2013-06-07T00:00:00", "dateUpdated": "2024-08-06T16:30:49.372Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1698 (GCVE-0-2018-1698)
Vulnerability from cvelistv5
Published
2018-09-13 15:00
Modified
2024-09-16 20:46
Severity: 5.3 (MEDIUM), CVSS 3.0 base score; temporal score 4.6
CWE
- Obtain Information
Summary
IBM Maximo Asset Management 7.6 through 7.6.3 could allow an unauthenticated attacker to obtain sensitive information from error messages. IBM X-Force ID: 145967.
References
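URL | Tags
---|---
http://www.securityfocus.com/bid/105343 | vdb-entry, x_refsource_BID
https://www.ibm.com/support/docview.wss?uid=ibm10728857 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/145967 | vdb-entry, x_refsource_XF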
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.6, 7.6.0, 7.6.0.1, 7.6.1, 7.6.2, 7.6.2.1, 7.6.2.2, 7.6.2.3, 7.6.2.4, 7.6.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:07:44.357Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105343", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105343" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10728857" }, { "name": "ibm-maximo-cve20181698-info-disc(145967)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145967" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6" }, { "status": "affected", "version": "7.6.0" }, { "status": "affected", "version": "7.6.0.1" }, { "status": "affected", "version": "7.6.1" }, { "status": "affected", "version": "7.6.2" }, { "status": "affected", "version": "7.6.2.1" }, { "status": "affected", "version": "7.6.2.2" }, { "status": "affected", "version": "7.6.2.3" }, { "status": "affected", "version": "7.6.2.4" }, { "status": "affected", "version": "7.6.3" } ] } ], "datePublic": "2018-09-11T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 through 7.6.3 could allow an unauthenticated attacker to obtain sensitive information from error messages. IBM X-Force ID: 145967." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-18T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "105343", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105343" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10728857" }, { "name": "ibm-maximo-cve20181698-info-disc(145967)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145967" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-09-11T00:00:00", "ID": "CVE-2018-1698", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6" }, { "version_value": "7.6.0" }, { "version_value": "7.6.0.1" }, { "version_value": "7.6.1" }, { "version_value": "7.6.2" }, { "version_value": "7.6.2.1" }, { "version_value": "7.6.2.2" }, { "version_value": "7.6.2.3" }, { "version_value": "7.6.2.4" }, { "version_value": "7.6.3" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": 
"IBM Maximo Asset Management 7.6 through 7.6.3 could allow an unauthenticated attacker to obtain sensitive information from error messages. IBM X-Force ID: 145967." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "105343", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105343" }, { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10728857", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10728857" }, { "name": "ibm-maximo-cve20181698-info-disc(145967)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145967" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1698", "datePublished": "2018-09-13T15:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T20:46:50.829Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-5465 (GCVE-0-2013-5465)
Vulnerability from cvelistv5
Published
2014-05-26 16:00
Modified
2024-08-06 17:15
CWE
- n/a
Summary
IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type.
References
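URL | Tags
---|---
http://www-01.ibm.com/support/docview.wss?uid=swg1IV46511 | vendor-advisory, x_refsource_AIXAPAR
http://www-01.ibm.com/support/docview.wss?uid=swg21670870 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/88364 | vdb-entry, x_refsource_XF

Note: the structured "affected" fields in the record below are "n/a"; the affected products and fix levels are given only in the Summary text, so version matching against the structured fields alone will not find them.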
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:15:20.356Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV46511", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46511" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20135465-file-types(88364)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88364" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IV46511", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46511" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20135465-file-types(88364)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88364" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-5465", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV46511", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46511" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20135465-file-types(88364)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88364" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-5465", "datePublished": "2014-05-26T16:00:00", "dateReserved": "2013-08-22T00:00:00", "dateUpdated": "2024-08-06T17:15:20.356Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-1357 (GCVE-0-2017-1357)
Vulnerability from cvelistv5
Published
2017-08-09 18:00
Modified
2024-09-16 23:00
CWE
- File Manipulation
Summary
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684.
References
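URL | Tags
---|---
http://www.securityfocus.com/bid/100214 | vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/126684 | x_refsource_MISC
http://www.ibm.com/support/docview.wss?uid=swg22006647 | x_refsource_CONFIRM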
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.5, 7.6
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:32:29.721Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100214", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100214" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126684" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006647" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.5" }, { "status": "affected", "version": "7.6" } ] } ], "datePublic": "2017-08-08T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684." 
} ], "problemTypes": [ { "descriptions": [ { "description": "File Manipulation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-10T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "100214", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100214" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126684" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006647" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-08-08T00:00:00", "ID": "CVE-2017-1357", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.5" }, { "version_value": "7.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "File Manipulation" } ] } ] }, "references": { "reference_data": [ { "name": "100214", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100214" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126684", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126684" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22006647", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22006647" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1357", "datePublished": "2017-08-09T18:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T23:00:52.819Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1415 (GCVE-0-2018-1415)
Vulnerability from cvelistv5
Published
2018-02-22 19:00
Modified
2024-09-16 21:56
CWE
- Cross-Site Scripting
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138821.
References
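URL | Tags
---|---
http://www.ibm.com/support/docview.wss?uid=swg22013796 | x_refsource_CONFIRM
http://www.securityfocus.com/bid/103169 | vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/138821 | x_refsource_MISC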
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.6
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:59:39.073Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22013796" }, { "name": "103169", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103169" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138821" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6" } ] } ], "datePublic": "2018-02-20T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138821." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-28T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22013796" }, { "name": "103169", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103169" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138821" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-02-20T00:00:00", "ID": "CVE-2018-1415", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138821." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22013796", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22013796" }, { "name": "103169", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103169" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138821", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138821" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1415", "datePublished": "2018-02-22T19:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T21:56:42.186Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-1934 (GCVE-0-2015-1934)
Vulnerability from cvelistv5
Published
2015-10-04 01:00
Modified
2024-08-06 05:02
CWE
- n/a
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file.
References
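URL | Tags
---|---
http://www-01.ibm.com/support/docview.wss?uid=swg21964855 | x_refsource_CONFIRM

Note: the structured "affected" fields in the record below are "n/a"; the affected products and fix levels are given only in the Summary text, so version matching against the structured fields alone will not find them.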
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T05:02:41.809Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964855" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-08-31T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-10-04T02:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964855" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-1934", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21964855", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964855" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-1934", "datePublished": "2015-10-04T01:00:00", "dateReserved": "2015-02-19T00:00:00", "dateUpdated": "2024-08-06T05:02:41.809Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-4644 (GCVE-0-2019-4644)
Vulnerability from cvelistv5
Published
2020-04-17 13:25
Modified
2024-09-16 19:01
Severity: 6.1 (MEDIUM), CVSS 3.0 base score; temporal score 5.8
CWE
- Cross-Site Scripting
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880.
References
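URL | Tags
---|---
https://www.ibm.com/support/pages/node/6191583 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/170880 | vdb-entry, x_refsource_XF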
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.6
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:47.976Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6191583" }, { "name": "ibm-maximo-cve20194644-xss (170880)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170880" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6" } ] } ], "datePublic": "2020-04-16T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.8, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AC:L/C:L/S:C/I:L/A:N/PR:N/UI:R/AV:N/E:H/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-17T13:25:26", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6191583" }, { "name": "ibm-maximo-cve20194644-xss (170880)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170880" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-04-16T00:00:00", "ID": "CVE-2019-4644", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "N", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6191583", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6191583 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/6191583" }, { "name": "ibm-maximo-cve20194644-xss (170880)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170880" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4644", "datePublished": "2020-04-17T13:25:26.254254Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T19:01:05.309Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-5383 (GCVE-0-2013-5383)
Vulnerability from cvelistv5
Published
2013-10-01 10:00
Modified
2024-08-06 17:06
CWE
- n/a
Summary
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5382.
References
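URL | Tags
---|---
http://secunia.com/advisories/55070 | third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg1IV40704 | vendor-advisory, x_refsource_AIXAPAR
http://secunia.com/advisories/55068 | third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21651085 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/86934 | vdb-entry, x_refsource_XF

Note: the structured "affected" fields in the record below are "n/a"; the affected versions are given only in the Summary text, so version matching against the structured fields alone will not find them.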
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:06:52.364Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55070" }, { "name": "IV40704", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV40704" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20135383-priv-esc(86934)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86934" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5382." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55070" }, { "name": "IV40704", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV40704" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20135383-priv-esc(86934)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86934" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-5383", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5382." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "55070", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55070" }, { "name": "IV40704", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV40704" }, { "name": "55068", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55068" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20135383-priv-esc(86934)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86934" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-5383", "datePublished": "2013-10-01T10:00:00", "dateReserved": "2013-08-22T00:00:00", "dateUpdated": "2024-08-06T17:06:52.364Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-7448 (GCVE-0-2015-7448)
Vulnerability from cvelistv5
Published
2016-03-12 15:00
Modified
2024-08-06 07:51
CWE
- n/a
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:51:27.519Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974938" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-03-12T15:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974938" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-7448", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21974938", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974938" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-7448", "datePublished": "2016-03-12T15:00:00", "dateReserved": "2015-09-29T00:00:00", "dateUpdated": "2024-08-06T07:51:27.519Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-4944 (GCVE-0-2015-4944)
Vulnerability from cvelistv5
Published
2015-10-05 10:00
Modified
2024-08-06 06:32
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T06:32:31.523Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963973" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-08-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-10-05T02:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963973" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-4944", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21963973", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963973" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-4944", "datePublished": "2015-10-05T10:00:00", "dateReserved": "2015-06-24T00:00:00", "dateUpdated": "2024-08-06T06:32:31.523Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-32334 (GCVE-0-2023-32334)
Vulnerability from cvelistv5
Published
2023-06-05 00:44
Modified
2025-01-08 16:47
CWE
- CWE-598 - Information Exposure Through Query Strings in GET Request
Summary
IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255074.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | Version: 7.6.1.2, 7.6.1.3
IBM | Maximo Application Suite | Version: 8.8.0
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:10:24.849Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6999721" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6999747" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/255074" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-32334", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-08T16:47:09.986023Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-08T16:47:18.253Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.1.2, 7.6.1.3" } ] }, { "defaultStatus": "unaffected", "product": "Maximo Application Suite", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.8.0" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255074." } ], "value": "IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. 
This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255074." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "598 Information Exposure Through Query Strings in GET Request", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-05T00:44:31.786Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6999721" }, { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6999747" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/255074" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Maximo Asset Management information disclosure", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-32334", "datePublished": "2023-06-05T00:44:31.786Z", "dateReserved": "2023-05-08T18:32:34.088Z", "dateUpdated": "2025-01-08T16:47:18.253Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1872 (GCVE-0-2018-1872)
Vulnerability from cvelistv5
Published
2018-11-09 17:00
Modified
2024-09-16 23:40
CWE
- Cross-Site Scripting
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151330.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | Version: 7.6
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:14:38.476Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10737461" }, { "name": "106140", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106140" }, { "name": "ibm-maximo-cve20181872-xss(151330)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151330" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6" } ] } ], "datePublic": "2018-11-07T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151330." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-10T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10737461" }, { "name": "106140", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106140" }, { "name": "ibm-maximo-cve20181872-xss(151330)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151330" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-11-07T00:00:00", "ID": "CVE-2018-1872", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
IBM X-Force ID: 151330." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10737461", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10737461" }, { "name": "106140", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106140" }, { "name": "ibm-maximo-cve20181872-xss(151330)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151330" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1872", "datePublished": "2018-11-09T17:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T23:40:57.500Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-4526 (GCVE-0-2020-4526)
Vulnerability from cvelistv5
Published
2020-09-15 13:50
Modified
2024-09-16 20:26
CWE
- Gain Access
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 182436.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | Version: 7.6.0; Version: 7.6.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:07:48.904Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6332589" }, { "name": "ibm-maximo-cve20204526-csrf (182436)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182436" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.0" }, { "status": "affected", "version": "7.6.1" } ] } ], "datePublic": "2020-09-14T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 182436." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AC:L/A:N/AV:N/I:L/S:U/C:N/UI:R/PR:N/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-15T13:50:24", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6332589" }, { "name": "ibm-maximo-cve20204526-csrf (182436)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182436" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-09-14T00:00:00", "ID": "CVE-2020-4526", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6.0" }, { "version_value": "7.6.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 182436." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "N", "I": "L", "PR": "N", "S": "U", "UI": "R" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6332589", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6332589 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/6332589" }, { "name": "ibm-maximo-cve20204526-csrf (182436)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182436" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4526", "datePublished": "2020-09-15T13:50:24.589972Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T20:26:25.356Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-5017 (GCVE-0-2015-5017)
Vulnerability from cvelistv5
Published
2016-01-03 02:00
Modified
2024-08-06 06:32
CWE
- n/a
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T06:32:32.680Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969052" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-11-25T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-01-03T05:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969052" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-5017", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21969052", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969052" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-5017", "datePublished": "2016-01-03T02:00:00", "dateReserved": "2015-06-24T00:00:00", "dateUpdated": "2024-08-06T06:32:32.680Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-22333 (GCVE-0-2024-22333)
Vulnerability from cvelistv5
Published
2024-06-13 13:55
Modified
2024-08-24 10:50
CWE
- CWE-525 - Information Exposure Through Browser Caching
Summary
IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
► | IBM | Maximo Application Suite |
Version: 8.10, 8.11 cpe:2.3:a:ibm:maximo_application_suite:8.10:*:*:*:*:*:*:* cpe:2.3:a:ibm:maximo_application_suite:8.11:*:*:*:*:*:*:* cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:* |
||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-22333", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-18T14:11:41.531813Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-18T14:11:47.420Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:43:34.457Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7157256" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7157257" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279973" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:maximo_application_suite:8.10:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:maximo_application_suite:8.11:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "Maximo Application Suite", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.10, 8.11" } ] }, { "defaultStatus": "unaffected", "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.1.3" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973." 
} ], "value": "IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-525", "description": "CWE-525 Information Exposure Through Browser Caching", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-24T10:50:37.540Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7157256" }, { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7157257" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279973" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Maximo Application Suite information disclosure", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-22333", "datePublished": "2024-06-13T13:55:39.767Z", "dateReserved": "2024-01-08T23:42:17.266Z", "dateUpdated": "2024-08-24T10:50:37.540Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-22436 (GCVE-0-2022-22436)
Vulnerability from cvelistv5
Published
2022-04-21 16:35
Modified
2024-09-17 03:18
CWE
- Cross-Site Scripting
Summary
IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224164.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Maximo Asset Management |
Version: 7.6.1.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:55.102Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6573667" }, { "name": "ibm-maximo-cve202222436-xss (224164)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/224164" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.1.2" } ] } ], "datePublic": "2022-04-20T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224164." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AC:L/I:L/S:C/UI:R/C:L/PR:L/AV:N/A:N/E:H/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-21T16:35:19", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6573667" }, { "name": "ibm-maximo-cve202222436-xss (224164)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/224164" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-04-20T00:00:00", "ID": "CVE-2022-22436", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6.1.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224164." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6573667", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6573667 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/6573667" }, { "name": "ibm-maximo-cve202222436-xss (224164)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/224164" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-22436", "datePublished": "2022-04-21T16:35:19.165725Z", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2024-09-17T03:18:23.384Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-4018 (GCVE-0-2013-4018)
Vulnerability from cvelistv5
Published
2013-10-01 10:00
Modified
2024-08-06 16:30
CWE
- n/a
Summary
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:30:49.816Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55070" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20134018-infodisc(85795)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85795" }, { "name": "IV42684", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV42684" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55070" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20134018-infodisc(85795)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85795" }, { "name": "IV42684", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV42684" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-4018", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "55070", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55070" }, { "name": "55068", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55068" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20134018-infodisc(85795)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85795" }, { "name": "IV42684", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV42684" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-4018", "datePublished": "2013-10-01T10:00:00", "dateReserved": "2013-06-07T00:00:00", "dateUpdated": "2024-08-06T16:30:49.816Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1699 (GCVE-0-2018-1699)
Vulnerability from cvelistv5
Published
2018-08-24 11:00
Modified
2024-09-16 18:03
CWE
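- Data Manipulation (free-text problem type from the CNA record, not a CWE identifier; the summary below describes SQL injection)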
Summary
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145968.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Maximo Asset Management |
Version: 7.6 Version: 7.6.0 Version: 7.6.0.1 Version: 7.6.1 Version: 7.6.2 Version: 7.6.2.1 Version: 7.6.2.2 Version: 7.6.2.3 Version: 7.6.2.4 Version: 7.6.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:07:44.365Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-maximo-cve20181699-sql-injection(145968)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145968" }, { "name": "105189", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105189" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10725805" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6" }, { "status": "affected", "version": "7.6.0" }, { "status": "affected", "version": "7.6.0.1" }, { "status": "affected", "version": "7.6.1" }, { "status": "affected", "version": "7.6.2" }, { "status": "affected", "version": "7.6.2.1" }, { "status": "affected", "version": "7.6.2.2" }, { "status": "affected", "version": "7.6.2.3" }, { "status": "affected", "version": "7.6.2.4" }, { "status": "affected", "version": "7.6.3" } ] } ], "datePublic": "2018-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145968." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:L/AC:L/AV:N/C:L/I:L/PR:L/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Data Manipulation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-01T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-maximo-cve20181699-sql-injection(145968)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145968" }, { "name": "105189", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105189" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10725805" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-08-22T00:00:00", "ID": "CVE-2018-1699", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6" }, { "version_value": "7.6.0" }, { "version_value": "7.6.0.1" }, { "version_value": "7.6.1" }, { "version_value": "7.6.2" }, { "version_value": "7.6.2.1" }, { "version_value": "7.6.2.2" }, { "version_value": "7.6.2.3" }, { "version_value": "7.6.2.4" }, { "version_value": "7.6.3" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": 
"IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145968." } ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Data Manipulation" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-maximo-cve20181699-sql-injection(145968)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145968" }, { "name": "105189", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105189" }, { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10725805", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10725805" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1699", "datePublished": "2018-08-24T11:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T18:03:26.697Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-3973 (GCVE-0-2013-3973)
Vulnerability from cvelistv5
Published
2013-10-01 10:00
Modified
2024-08-06 16:30
CWE
- n/a
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:30:49.900Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "IV39184", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV39184" }, { "name": "maximo-cve20133973-sql-injection(84850)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84850" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "IV39184", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV39184" }, { "name": "maximo-cve20133973-sql-injection(84850)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84850" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-3973", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "55068", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55068" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "IV39184", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV39184" }, { "name": "maximo-cve20133973-sql-injection(84850)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84850" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-3973", "datePublished": "2013-10-01T10:00:00", "dateReserved": "2013-06-07T00:00:00", "dateUpdated": "2024-08-06T16:30:49.900Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-4486 (GCVE-0-2019-4486)
Vulnerability from cvelistv5
Published
2019-10-24 12:00
Modified
2024-09-17 02:27
CWE
- Cross-Site Scripting
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Maximo Asset Management |
Version: 7.6 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:47.470Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1075023" }, { "name": "ibm-maximo-cve20194486-xss (164070)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6" } ] } ], "datePublic": "2019-10-22T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/UI:R/AC:L/C:L/S:C/PR:L/A:N/AV:N/I:L/RC:C/RL:O/E:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-24T12:00:39", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1075023" }, { "name": "ibm-maximo-cve20194486-xss (164070)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-10-22T00:00:00", "ID": "CVE-2019-4486", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1075023", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1075023 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/1075023" }, { "name": "ibm-maximo-cve20194486-xss (164070)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4486", "datePublished": "2019-10-24T12:00:39.114131Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T02:27:26.425Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1715 (GCVE-0-2018-1715)
Vulnerability from cvelistv5
Published
2018-08-16 13:00
Modified
2024-09-16 21:57
CWE
- Cross-Site Scripting
Summary
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147003.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Maximo Asset Management |
Version: 7.6 Version: 7.6.0 Version: 7.6.0.1 Version: 7.6.1 Version: 7.6.2 Version: 7.6.2.1 Version: 7.6.2.2 Version: 7.6.2.3 Version: 7.6.2.4 Version: 7.6.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:07:44.286Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-maximo-cve20181715-xss(147003)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147003" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=swg22017453" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6" }, { "status": "affected", "version": "7.6.0" }, { "status": "affected", "version": "7.6.0.1" }, { "status": "affected", "version": "7.6.1" }, { "status": "affected", "version": "7.6.2" }, { "status": "affected", "version": "7.6.2.1" }, { "status": "affected", "version": "7.6.2.2" }, { "status": "affected", "version": "7.6.2.3" }, { "status": "affected", "version": "7.6.2.4" }, { "status": "affected", "version": "7.6.3" } ] } ], "datePublic": "2018-08-14T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147003." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-16T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-maximo-cve20181715-xss(147003)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147003" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=swg22017453" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-08-14T00:00:00", "ID": "CVE-2018-1715", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6" }, { "version_value": "7.6.0" }, { "version_value": "7.6.0.1" }, { "version_value": "7.6.1" }, { "version_value": "7.6.2" }, { "version_value": "7.6.2.1" }, { "version_value": "7.6.2.2" }, { "version_value": "7.6.2.3" }, { "version_value": "7.6.2.4" }, { "version_value": "7.6.3" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. 
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147003." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-maximo-cve20181715-xss(147003)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147003" }, { "name": "https://www.ibm.com/support/docview.wss?uid=swg22017453", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=swg22017453" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1715", "datePublished": "2018-08-16T13:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T21:57:45.986Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-35281 (GCVE-0-2022-35281)
Vulnerability from cvelistv5
Published
2023-01-06 16:50
Modified
2025-04-09 13:54
CWE
- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Summary
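IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335 (as written in the record's description; the record's X-Force reference URL ends in 230635, so confirm the ID against the vendor advisory before cross-referencing).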
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
► | IBM | Maximo Asset Management |
Version: 7.6.1.1, 7.6.1.2, 7.6.1.3 |
||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:36:44.163Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6852669" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230635" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-35281", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-09T13:54:38.947272Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-09T13:54:57.055Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.1.1, 7.6.1.2, 7.6.1.3" } ] }, { "defaultStatus": "unaffected", "product": "Maximo Manage", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.3, 8.4" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335." } ], "value": "IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1236", "description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-09T07:07:39.912Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6852669" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230635" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Maximo Application Suite command injection", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-35281", "datePublished": "2023-01-06T16:50:24.699Z", "dateReserved": "2022-07-06T20:19:00.799Z", "dateUpdated": "2025-04-09T13:54:57.055Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-4223 (GCVE-0-2020-4223)
Vulnerability from cvelistv5
Published
2020-06-26 13:45
Modified
2024-09-17 03:43
CWE
- Cross-Site Scripting
Summary
IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175121.
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.6.1.1, 7.6.0.10
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:00:07.102Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6238376" }, { "name": "ibm-maximo-cve20204223-xss (175121)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175121" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.1.1" }, { "status": "affected", "version": "7.6.0.10" } ] } ], "datePublic": "2020-06-24T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175121." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/C:L/PR:L/S:C/AC:L/I:L/UI:R/AV:N/A:N/RC:C/E:H/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-26T13:45:30", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6238376" }, { "name": "ibm-maximo-cve20204223-xss (175121)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175121" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-06-24T00:00:00", "ID": "CVE-2020-4223", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6.1.1" }, { "version_value": "7.6.0.10" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175121." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6238376", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6238376 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/6238376" }, { "name": "ibm-maximo-cve20204223-xss (175121)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175121" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4223", "datePublished": "2020-06-26T13:45:30.835640Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T03:43:41.360Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2184 (GCVE-0-2012-2184)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 19:26
CWE
- n/a
Summary
Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:08.625Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-maximo-session-fixation-iv19887(75780)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75780" }, { "name": "IV19887", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV19887" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50551" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-maximo-session-fixation-iv19887(75780)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75780" }, { "name": "IV19887", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV19887" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50551" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-2184", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-maximo-session-fixation-iv19887(75780)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75780" }, { "name": "IV19887", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV19887" }, { "name": "50551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50551" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-2184", "datePublished": "2012-09-10T17:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:08.625Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-4493 (GCVE-0-2020-4493)
Vulnerability from cvelistv5
Published
2020-10-05 13:25
Modified
2024-09-17 02:10
CWE
- Bypass Security
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. IBM X-Force ID: 181995.
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.6.0, 7.6.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:07:48.891Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6340281" }, { "name": "ibm-maximo-cve20204493-auth-bypass (181995)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181995" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.0" }, { "status": "affected", "version": "7.6.1" } ] } ], "datePublic": "2020-10-01T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. IBM X-Force ID: 181995." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 8.5, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:N/AC:L/A:H/S:U/UI:N/I:H/C:H/AV:N/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Bypass Security", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-05T13:25:14", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6340281" }, { "name": "ibm-maximo-cve20204493-auth-bypass (181995)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/181995" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-10-01T00:00:00", "ID": "CVE-2020-4493", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6.0" }, { "version_value": "7.6.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. IBM X-Force ID: 181995." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "N", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Bypass Security" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6340281", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6340281 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/6340281" }, { "name": "ibm-maximo-cve20204493-auth-bypass (181995)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181995" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4493", "datePublished": "2020-10-05T13:25:14.828378Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T02:10:47.760Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-4967 (GCVE-0-2015-4967)
Vulnerability from cvelistv5
Published
2015-10-05 10:00
Modified
2024-08-06 06:32
CWE
- n/a
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T06:32:32.184Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966181" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-09-18T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-10-05T02:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966181" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-4967", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21966181", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966181" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-4967", "datePublished": "2015-10-05T10:00:00", "dateReserved": "2015-06-24T00:00:00", "dateUpdated": "2024-08-06T06:32:32.184Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1396 (GCVE-0-2011-1396)
Vulnerability from cvelistv5
Published
2012-03-13 01:00
Modified
2024-08-06 22:28
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:28:40.295Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV09190", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09190" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48299" }, { "name": "maximo-reporttype-xss(71999)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71999" }, { "name": "52333", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52333" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-02-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-09T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "IV09190", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09190" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48299" }, { "name": "maximo-reporttype-xss(71999)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71999" }, { "name": "52333", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52333" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1396", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV09190", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09190" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48299" }, { "name": "maximo-reporttype-xss(71999)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71999" }, { "name": "52333", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52333" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1396", "datePublished": "2012-03-13T01:00:00", "dateReserved": "2011-03-10T00:00:00", "dateUpdated": "2024-08-06T22:28:40.295Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-9984 (GCVE-0-2016-9984)
Vulnerability from cvelistv5
Published
2017-06-13 19:00
Modified
2024-08-06 03:07
CWE
- Gain Privileges
Summary
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. IBM X-Force ID: 120276.
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.5, 7.6
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:07:31.583Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120276" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21998608" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.5" }, { "status": "affected", "version": "7.6" } ] } ], "datePublic": "2017-02-21T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. IBM X-Force ID: 120276." } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-13T18:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120276" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21998608" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-9984", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.5" }, { "version_value": "7.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the 
system as administrator. IBM X-Force ID: 120276." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120276", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120276" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21998608", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21998608" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-9984", "datePublished": "2017-06-13T19:00:00", "dateReserved": "2016-12-16T00:00:00", "dateUpdated": "2024-08-06T03:07:31.583Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-4591 (GCVE-0-2019-4591)
Vulnerability from cvelistv5
Published
2020-07-13 14:10
Modified
2024-09-17 01:26
CWE
- Gain Access
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 167451.
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.6.0, 7.6.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:47.351Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6245696" }, { "name": "ibm-maximo-cve20194591-sec-bypass (167451)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167451" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.0" }, { "status": "affected", "version": "7.6.1" } ] } ], "datePublic": "2020-07-10T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 167451." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/S:U/C:L/A:L/AC:L/I:L/AV:L/UI:N/PR:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-13T14:10:13", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6245696" }, { "name": "ibm-maximo-cve20194591-sec-bypass (167451)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/167451" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-07-10T00:00:00", "ID": "CVE-2019-4591", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6.0" }, { "version_value": "7.6.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 167451." } ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "L", "AV": "L", "C": "L", "I": "L", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6245696", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6245696 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/6245696" }, { "name": "ibm-maximo-cve20194591-sec-bypass (167451)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167451" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4591", "datePublished": "2020-07-13T14:10:14.017544Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T01:26:40.836Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-3316 (GCVE-0-2012-3316)
Vulnerability from cvelistv5
Published
2013-02-20 11:00
Modified
2024-08-06 19:57
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:57:50.512Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "mam-tpae-xss(77813)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77813" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "IV24609", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV24609" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "mam-tpae-xss(77813)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77813" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "IV24609", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV24609" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-3316", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "mam-tpae-xss(77813)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77813" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "IV24609", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV24609" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-3316", "datePublished": "2013-02-20T11:00:00", "dateReserved": "2012-06-07T00:00:00", "dateUpdated": "2024-08-06T19:57:50.512Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-4521 (GCVE-0-2020-4521)
Vulnerability from cvelistv5
Published
2020-09-15 13:50
Modified
2024-09-16 16:28
CWE
- Gain Access (free-text problem type supplied by the CNA; the record lists no CWE ID)
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 182396.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.6.0, 7.6.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:07:49.003Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6332587" }, { "name": "ibm-maximo-cve20204521-code-exec (182396)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182396" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.0" }, { "status": "affected", "version": "7.6.1" } ] } ], "datePublic": "2020-09-14T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 182396." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.7, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/A:H/AV:N/I:H/S:U/C:H/UI:N/PR:L/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-15T13:50:24", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6332587" }, { "name": "ibm-maximo-cve20204521-code-exec (182396)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182396" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-09-14T00:00:00", "ID": "CVE-2020-4521", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6.0" }, { "version_value": "7.6.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 182396." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "N", "C": "H", "I": "H", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6332587", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6332587 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/6332587" }, { "name": "ibm-maximo-cve20204521-code-exec (182396)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182396" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4521", "datePublished": "2020-09-15T13:50:24.105005Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T16:28:11.807Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-3333 (GCVE-0-2012-3333)
Vulnerability from cvelistv5
Published
2014-05-26 10:00
Modified
2024-08-06 20:05
CWE
- n/a
Summary
CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter in a URL.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:05:10.802Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV26377", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV26377" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20123333-httprs(78145)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78145" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter in a URL." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IV26377", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV26377" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20123333-httprs(78145)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78145" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-3333", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter in a URL." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV26377", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV26377" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20123333-httprs(78145)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78145" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-3333", "datePublished": "2014-05-26T10:00:00", "dateReserved": "2012-06-07T00:00:00", "dateUpdated": "2024-08-06T20:05:10.802Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-4409 (GCVE-0-2020-4409)
Vulnerability from cvelistv5
Published
2020-09-16 15:55
Modified
2024-09-16 17:59
CWE
- Gain Access (free-text problem type supplied by the CNA; the record lists no CWE ID)
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.6.0, 7.6.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:00:07.648Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6333091" }, { "name": "ibm-maximo-cve20204409-gain-access (179537)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179537" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.0" }, { "status": "affected", "version": "7.6.1" } ] } ], "datePublic": "2020-09-15T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.9, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/PR:L/C:N/UI:R/I:H/A:N/AC:L/S:C/AV:N/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-16T15:55:14", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6333091" }, { "name": "ibm-maximo-cve20204409-gain-access (179537)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179537" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-09-15T00:00:00", "ID": "CVE-2020-4409", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6.0" }, { "version_value": "7.6.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. 
This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "N", "I": "H", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6333091", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6333091 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/6333091" }, { "name": "ibm-maximo-cve20204409-gain-access (179537)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179537" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4409", "datePublished": "2020-09-16T15:55:14.429944Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T17:59:43.403Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-6194 (GCVE-0-2014-6194)
Vulnerability from cvelistv5
Published
2015-02-17 01:00
Modified
2024-08-06 12:10
CWE
- n/a
Summary
Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:10:12.785Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-maximo-cve20146194-dir-traversal(98605)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98605" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694035" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-01-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-07T15:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-maximo-cve20146194-dir-traversal(98605)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98605" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694035" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-6194", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-maximo-cve20146194-dir-traversal(98605)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98605" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21694035", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694035" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-6194", "datePublished": "2015-02-17T01:00:00", "dateReserved": "2014-09-02T00:00:00", "dateUpdated": "2024-08-06T12:10:12.785Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-0914 (GCVE-0-2014-0914)
Vulnerability from cvelistv5
Published
2014-07-30 10:00
Modified
2024-08-06 09:27
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:27:20.253Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "68839", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/68839" }, { "name": "59640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59640" }, { "name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885" }, { "name": "IV56679", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679" }, { "name": "59570", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59570" }, { "name": "ibm-maximo-cve20140914-xss(91883)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-07-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the 
Query Description Field." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "68839", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/68839" }, { "name": "59640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59640" }, { "name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885" }, { "name": "IV56679", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679" }, { "name": "59570", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59570" }, { "name": "ibm-maximo-cve20140914-xss(91883)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-0914", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and 
Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "68839", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68839" }, { "name": "59640", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59640" }, { "name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885" }, { "name": "IV56679", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679" }, { "name": "59570", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59570" }, { "name": "ibm-maximo-cve20140914-xss(91883)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-0914", "datePublished": "2014-07-30T10:00:00", "dateReserved": "2014-01-06T00:00:00", "dateUpdated": "2024-08-06T09:27:20.253Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-4019 (GCVE-0-2013-4019)
Vulnerability from cvelistv5
Published
2013-10-01 10:00
Modified
2024-08-06 16:30
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 before 7.1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:30:49.566Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55070" }, { "name": "maximo-cve20134019-xss(85796)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85796" }, { "name": "IV42664", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV42664" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 before 7.1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55070" }, { "name": "maximo-cve20134019-xss(85796)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85796" }, { "name": "IV42664", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV42664" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-4019", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 before 7.1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "55070", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55070" }, { "name": "maximo-cve20134019-xss(85796)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85796" }, { "name": "IV42664", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV42664" }, { "name": "55068", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55068" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-4019", "datePublished": "2013-10-01T10:00:00", "dateReserved": "2013-06-07T00:00:00", "dateUpdated": "2024-08-06T16:30:49.566Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4817 (GCVE-0-2011-4817)
Vulnerability from cvelistv5
Published
2012-03-13 01:00
Modified
2024-08-07 00:16
CWE
- n/a
Summary
The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:16:34.971Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "maximo-helpmenu-info-disclosure(72004)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72004" }, { "name": "48299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48299" }, { "name": "48305", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48305" }, { "name": "52333", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52333" }, { "name": "IV09197", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09197" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-02-14T00:00:00", "descriptions": [ { "lang": "en", "value": "The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-09T17:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "maximo-helpmenu-info-disclosure(72004)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72004" }, { "name": "48299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48299" }, { "name": "48305", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48305" }, { "name": "52333", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52333" }, { "name": "IV09197", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09197" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2011-4817", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "maximo-helpmenu-info-disclosure(72004)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72004" }, { "name": "48299", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48299" }, { "name": "48305", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48305" }, { "name": "52333", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52333" }, { "name": "IV09197", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09197" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2011-4817", "datePublished": "2012-03-13T01:00:00", "dateReserved": "2011-12-14T00:00:00", "dateUpdated": "2024-08-07T00:16:34.971Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-4021 (GCVE-0-2013-4021)
Vulnerability from cvelistv5
Published
2013-10-01 10:00
Modified
2024-08-06 16:30
CWE
- n/a
Summary
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to conduct unspecified file-inclusion attacks via unknown vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:30:49.777Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55070" }, { "name": "maximo-cve20134021-file-include(85826)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85826" }, { "name": "IV42816", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV42816" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to conduct unspecified file-inclusion attacks via unknown vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55070" }, { "name": "maximo-cve20134021-file-include(85826)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85826" }, { "name": "IV42816", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV42816" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-4021", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to conduct unspecified file-inclusion attacks via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "55070", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55070" }, { "name": "maximo-cve20134021-file-include(85826)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85826" }, { "name": "IV42816", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV42816" }, { "name": "55068", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55068" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-4021", "datePublished": "2013-10-01T10:00:00", "dateReserved": "2013-06-07T00:00:00", "dateUpdated": "2024-08-06T16:30:49.777Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-45077 (GCVE-0-2024-45077)
Vulnerability from cvelistv5
Published
2025-01-24 15:38
Modified
2025-02-12 20:01
CWE
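- CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') (as assigned in the CNA record; the summary below describes an unrestricted file upload, which is more commonly classified as CWE-434, Unrestricted Upload of File with Dangerous Type)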
Summary
IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file types with a simple method of adding a dot to the end of the file name if Maximo is installed on Windows operating system.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Maximo Asset Management |
Version: 7.6.1.3 cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-45077", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-24T16:08:51.913306Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-12T20:01:19.525Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.1.3" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file types with a simple method of adding a dot to the end of the file name if Maximo is installed on Windows operating system." } ], "value": "IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file types with a simple method of adding a dot to the end of the file name if Maximo is installed on Windows operating system." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-98", "description": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-24T15:38:03.611Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7174819" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Maximo Asset Management file upload", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-45077", "datePublished": "2025-01-24T15:38:03.611Z", "dateReserved": "2024-08-21T19:10:49.905Z", "dateUpdated": "2025-02-12T20:01:19.525Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-7487 (GCVE-0-2015-7487)
Vulnerability from cvelistv5
Published
2016-01-27 02:00
Modified
2024-08-06 07:51
CWE
- n/a
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:51:28.088Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974537" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-22T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-01-27T04:57:02", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974537" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-7487", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21974537", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974537" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-7487", "datePublished": "2016-01-27T02:00:00", "dateReserved": "2015-09-29T00:00:00", "dateUpdated": "2024-08-06T07:51:28.088Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-5016 (GCVE-0-2015-5016)
Vulnerability from cvelistv5
Published
2018-03-27 17:00
Modified
2024-08-06 06:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T06:32:31.899Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-maximo-cve20155016-info-disc(106460)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-02-19T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-03-27T16:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-maximo-cve20155016-info-disc(106460)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-5016", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-maximo-cve20155016-info-disc(106460)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-5016", "datePublished": "2018-03-27T17:00:00", "dateReserved": "2015-06-24T00:00:00", "dateUpdated": "2024-08-06T06:32:31.899Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-4048 (GCVE-0-2019-4048)
Vulnerability from cvelistv5
Published
2019-06-06 00:35
Modified
2024-09-16 17:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Maximo Asset Management |
Version: 7.6 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:26:27.989Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880147" }, { "name": "ibm-maximo-cve20194048-info-disc (156311)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156311" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6" } ] } ], "datePublic": "2019-06-03T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 1.9, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:L/S:U/UI:N/A:N/I:N/PR:L/AV:P/AC:L/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-06T00:35:18", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880147" }, { "name": "ibm-maximo-cve20194048-info-disc (156311)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/156311" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-06-03T00:00:00", "ID": "CVE-2019-4048", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "P", "C": "L", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880147", "refsource": "CONFIRM", "title": "IBM Security Bulletin 880147 (Maximo Asset Management)", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880147" }, { "name": "ibm-maximo-cve20194048-info-disc (156311)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156311" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4048", "datePublished": "2019-06-06T00:35:18.759822Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T17:59:00.803Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-0104 (GCVE-0-2015-0104)
Vulnerability from cvelistv5
Published
2017-04-24 06:12
Modified
2024-08-06 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:55:28.068Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "97999", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97999" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-01-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-04-26T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "97999", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97999" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-0104", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "97999", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97999" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-0104", "datePublished": "2017-04-24T06:12:00", "dateReserved": "2014-11-18T00:00:00", "dateUpdated": "2024-08-06T03:55:28.068Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-2986 (GCVE-0-2025-2986)
Vulnerability from cvelistv5
Published
2025-04-25 11:07
Modified
2025-04-25 13:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Maximo Asset Management |
Version: 7.6.1.3 cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-2986", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-25T13:53:52.140912Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-25T13:54:06.785Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.1.3" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." } ], "value": "IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-25T11:07:58.228Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7231785" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Maximo Asset Management cross-site scripting", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2025-2986", "datePublished": "2025-04-25T11:07:58.228Z", "dateReserved": "2025-03-30T12:39:17.663Z", "dateUpdated": "2025-04-25T13:54:06.785Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-5402 (GCVE-0-2013-5402)
Vulnerability from cvelistv5
Published
2013-12-18 11:00
Modified
2024-08-06 17:06
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 before 7.5.0.3 IFIX014, and 7.5.0.5 before IFIX003; SmartCloud Control Desk (SCCD) 7.5 before 7.5.0.3 IFIX014 and 7.5.0.5 before IFIX003; and Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.1.x through 7.1.1.12, 7.1.2, and 7.2.x through 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:06:52.375Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "64333", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/64333" }, { "name": "ibm-maximo-cve20135402-xss(87298)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87298" }, { "name": "IV49268", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV49268" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660032" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-12-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 before 7.5.0.3 IFIX014, and 7.5.0.5 before IFIX003; SmartCloud Control Desk (SCCD) 7.5 before 7.5.0.3 IFIX014 and 7.5.0.5 before IFIX003; and Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.1.x through 7.1.1.12, 7.1.2, and 7.2.x through 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "64333", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/64333" }, { "name": "ibm-maximo-cve20135402-xss(87298)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87298" }, { "name": "IV49268", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV49268" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660032" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-5402", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 before 7.5.0.3 IFIX014, and 7.5.0.5 before IFIX003; SmartCloud Control Desk (SCCD) 7.5 before 7.5.0.3 IFIX014 and 7.5.0.5 before IFIX003; and Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.1.x through 7.1.1.12, 7.1.2, and 7.2.x through 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "64333", "refsource": "BID", "url": "http://www.securityfocus.com/bid/64333" }, { "name": "ibm-maximo-cve20135402-xss(87298)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87298" }, { "name": "IV49268", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV49268" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660032", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660032" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-5402", "datePublished": "2013-12-18T11:00:00", "dateReserved": "2013-08-22T00:00:00", "dateUpdated": "2024-08-06T17:06:52.375Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-0222 (GCVE-0-2016-0222)
Vulnerability from cvelistv5
Published
2016-03-14 01:00
Modified
2024-08-05 22:08
CWE
- n/a
Summary
IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:08:13.354Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976949" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-03-14T01:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976949" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-0222", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21976949", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976949" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-0222", "datePublished": "2016-03-14T01:00:00", "dateReserved": "2015-12-08T00:00:00", "dateUpdated": "2024-08-05T22:08:13.354Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-1175 (GCVE-0-2017-1175)
Vulnerability from cvelistv5
Published
2017-07-05 17:00
Modified
2024-09-16 23:26
CWE
- Data Manipulation
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123297.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Maximo Asset Management | 7.1, 7.5, 7.1.1, 7.6 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:25:17.417Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22005212" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123297" }, { "name": "99363", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99363" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.5" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.6" } ] } ], "datePublic": "2017-06-30T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123297." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Data Manipulation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-06T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22005212" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123297" }, { "name": "99363", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99363" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-06-30T00:00:00", "ID": "CVE-2017-1175", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.5" }, { "version_value": "7.1.1" }, { "version_value": "7.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123297." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Data Manipulation" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22005212", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22005212" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123297", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123297" }, { "name": "99363", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99363" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1175", "datePublished": "2017-07-05T17:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T23:26:09.122Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-5051 (GCVE-0-2015-5051)
Vulnerability from cvelistv5
Published
2016-01-03 02:00
Modified
2024-08-06 06:32
CWE
- n/a
Summary
IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T06:32:32.557Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970797" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-11-20T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-01-03T04:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970797" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-5051", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21970797", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970797" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-5051", "datePublished": "2016-01-03T02:00:00", "dateReserved": "2015-06-24T00:00:00", "dateUpdated": "2024-08-06T06:32:32.557Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-3323 (GCVE-0-2012-3323)
Vulnerability from cvelistv5
Published
2013-10-01 10:00
Modified
2024-08-06 20:05
CWE
- n/a
Summary
IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.3 allows remote attackers to gain privileges via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:05:10.798Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55070" }, { "name": "97924", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/97924" }, { "name": "IV23506", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23506" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20123323-priv-esc(77920)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.3 allows remote attackers to gain privileges via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55070" }, { "name": "97924", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/97924" }, { "name": "IV23506", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23506" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20123323-priv-esc(77920)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-3323", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.3 allows remote attackers to gain privileges via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "55070", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55070" }, { "name": "97924", "refsource": "OSVDB", "url": "http://osvdb.org/97924" }, { "name": "IV23506", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23506" }, { "name": "55068", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55068" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20123323-priv-esc(77920)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-3323", "datePublished": "2013-10-01T10:00:00", "dateReserved": "2012-06-07T00:00:00", "dateUpdated": "2024-08-06T20:05:10.798Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-5460 (GCVE-0-2013-5460)
Vulnerability from cvelistv5
Published
2014-05-26 16:00
Modified
2024-08-06 17:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and read communication logs associated with unrelated records, via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:15:20.322Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-maximo-cve20135460-info-disc(88308)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88308" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "IV46745", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46745" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and read communication logs associated with unrelated records, via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-maximo-cve20135460-info-disc(88308)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88308" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "IV46745", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46745" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-5460", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and read communication logs associated with unrelated records, via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-maximo-cve20135460-info-disc(88308)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88308" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "IV46745", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46745" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-5460", "datePublished": "2014-05-26T16:00:00", "dateReserved": "2013-08-22T00:00:00", "dateUpdated": "2024-08-06T17:15:20.322Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-3327 (GCVE-0-2012-3327)
Vulnerability from cvelistv5
Published
2013-02-20 11:00
Modified
2024-08-06 20:05
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to a login action.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:05:10.857Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "mam-login-xss(78039)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78039" }, { "name": "IV22698", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to a login action." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "mam-login-xss(78039)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78039" }, { "name": "IV22698", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-3327", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to a login action." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "mam-login-xss(78039)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78039" }, { "name": "IV22698", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-3327", "datePublished": "2013-02-20T11:00:00", "dateReserved": "2012-06-07T00:00:00", "dateUpdated": "2024-08-06T20:05:10.857Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-6741 (GCVE-0-2013-6741)
Vulnerability from cvelistv5
Published
2014-05-26 16:00
Modified
2024-08-06 17:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:46:22.940Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20136741-info-disc(89857)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89857" }, { "name": "IV50316", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV50316" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20136741-info-disc(89857)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89857" }, { "name": "IV50316", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV50316" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-6741", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20136741-info-disc(89857)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89857" }, { "name": "IV50316", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV50316" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-6741", "datePublished": "2014-05-26T16:00:00", "dateReserved": "2013-11-08T00:00:00", "dateUpdated": "2024-08-06T17:46:22.940Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-0825 (GCVE-0-2014-0825)
Vulnerability from cvelistv5
Published
2014-05-26 16:00
Modified
2024-08-06 09:27
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:27:20.067Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20140825-xss(90501)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90501" }, { "name": "IV53362", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53362" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20140825-xss(90501)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90501" }, { "name": "IV53362", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53362" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-0825", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20140825-xss(90501)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90501" }, { "name": "IV53362", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53362" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-0825", "datePublished": "2014-05-26T16:00:00", "dateReserved": "2014-01-06T00:00:00", "dateUpdated": "2024-08-06T09:27:20.067Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-5905 (GCVE-0-2016-5905)
Vulnerability from cvelistv5
Published
2016-11-30 11:00
Modified
2024-08-06 01:15
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:15:09.909Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "93871", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93871" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988253" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-10-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-30T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "93871", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93871" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988253" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-5905", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject 
arbitrary web script or HTML via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "93871", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93871" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988253", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988253" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-5905", "datePublished": "2016-11-30T11:00:00", "dateReserved": "2016-06-29T00:00:00", "dateUpdated": "2024-08-06T01:15:09.909Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-3971 (GCVE-0-2013-3971)
Vulnerability from cvelistv5
Published
2013-10-01 10:00
Modified
2024-08-06 16:30
CWE
- n/a
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3049.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:30:49.297Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "maximo-cve20133971-sec-bypass(84848)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84848" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55068" }, { "name": "IV37459", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV37459" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3049." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "maximo-cve20133971-sec-bypass(84848)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84848" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55068" }, { "name": "IV37459", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV37459" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-3971", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3049." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "maximo-cve20133971-sec-bypass(84848)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84848" }, { "name": "55068", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55068" }, { "name": "IV37459", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV37459" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-3971", "datePublished": "2013-10-01T10:00:00", "dateReserved": "2013-06-07T00:00:00", "dateUpdated": "2024-08-06T16:30:49.297Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-4966 (GCVE-0-2015-4966)
Vulnerability from cvelistv5
Published
2015-11-08 22:00
Modified
2024-08-06 06:32
CWE
- n/a
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products have a default administrator account, which makes it easier for remote authenticated users to obtain access via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T06:32:31.676Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968191" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-10-30T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products have a default administrator account, which makes it easier for remote authenticated users to obtain access via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-11-08T21:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968191" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-4966", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products have a default administrator account, which makes it easier for remote authenticated users to obtain access via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21968191", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968191" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-4966", "datePublished": "2015-11-08T22:00:00", "dateReserved": "2015-06-24T00:00:00", "dateUpdated": "2024-08-06T06:32:31.676Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-8924 (GCVE-0-2016-8924)
Vulnerability from cvelistv5
Published
2017-04-26 17:00
Modified
2024-08-06 02:35
CWE
- Gain Privileges
Summary
IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 118537.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM Corporation | Maximo Asset Management | Version: 7.1, 7.1.1, 7.5, 7.6
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:35:02.340Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98023", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98023" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21996256" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM Corporation", "versions": [ { "status": "affected", "version": "7.1, 7.1.1, 7.5, 7.6" } ] } ], "datePublic": "2017-04-21T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user\u0027s session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user\u0027s session. IBM X-Force ID: 118537." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-04-27T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "98023", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98023" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21996256" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-8924", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.1, 7.1.1, 7.5, 7.6" } ] } } ] }, "vendor_name": "IBM Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user\u0027s session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user\u0027s session. IBM X-Force ID: 118537." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "98023", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98023" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21996256", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21996256" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-8924", "datePublished": "2017-04-26T17:00:00", "dateReserved": "2016-10-25T00:00:00", "dateUpdated": "2024-08-06T02:35:02.340Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1524 (GCVE-0-2018-1524)
Vulnerability from cvelistv5
Published
2018-08-03 15:00
Modified
2024-09-16 18:29
CWE
- Gain Access
Summary
IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | Version: 7.6; Version: 7.6.0; Version: 7.6.0.1; Version: 7.6.1; Version: 7.6.2; Version: 7.6.2.1; Version: 7.6.2.2; Version: 7.6.2.3; Version: 7.6.2.4; Version: 7.6.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:07:43.394Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-maximo-cve20181524-default-account(142116)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142116" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=swg22017452" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6" }, { "status": "affected", "version": "7.6.0" }, { "status": "affected", "version": "7.6.0.1" }, { "status": "affected", "version": "7.6.1" }, { "status": "affected", "version": "7.6.2" }, { "status": "affected", "version": "7.6.2.1" }, { "status": "affected", "version": "7.6.2.2" }, { "status": "affected", "version": "7.6.2.3" }, { "status": "affected", "version": "7.6.2.4" }, { "status": "affected", "version": "7.6.3" } ] } ], "datePublic": "2018-07-31T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.7, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AC:L/AV:N/C:H/I:H/PR:L/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-06T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-maximo-cve20181524-default-account(142116)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142116" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=swg22017452" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-07-31T00:00:00", "ID": "CVE-2018-1524", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6" }, { "version_value": "7.6.0" }, { "version_value": "7.6.0.1" }, { "version_value": "7.6.1" }, { "version_value": "7.6.2" }, { "version_value": "7.6.2.1" }, { "version_value": "7.6.2.2" }, { "version_value": "7.6.2.3" }, { "version_value": "7.6.2.4" }, { "version_value": "7.6.3" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could 
use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "N", "C": "H", "I": "H", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-maximo-cve20181524-default-account(142116)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142116" }, { "name": "https://www.ibm.com/support/docview.wss?uid=swg22017452", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=swg22017452" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1524", "datePublished": "2018-08-03T15:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T18:29:30.579Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-5382 (GCVE-0-2013-5382)
Vulnerability from cvelistv5
Published
2013-10-01 10:00
Modified
2024-08-06 17:06
CWE
- n/a
Summary
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5383.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:06:52.406Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55070" }, { "name": "maximo-cve20135382-priv-esc(86933)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86933" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "IV40210", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV40210" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5383." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55070" }, { "name": "maximo-cve20135382-priv-esc(86933)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86933" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "IV40210", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV40210" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-5382", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5383." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "55070", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55070" }, { "name": "maximo-cve20135382-priv-esc(86933)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86933" }, { "name": "55068", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55068" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "IV40210", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV40210" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-5382", "datePublished": "2013-10-01T10:00:00", "dateReserved": "2013-08-22T00:00:00", "dateUpdated": "2024-08-06T17:06:52.406Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4819 (GCVE-0-2011-4819)
Vulnerability from cvelistv5
Published
2012-03-13 01:00
Modified
2024-08-07 00:16
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:16:35.046Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "maximo-uisesionid-xss(72008)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72008" }, { "name": "48299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48299" }, { "name": "52333", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52333" }, { "name": "IV09202", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09202" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-02-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-09T17:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "maximo-uisesionid-xss(72008)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72008" }, { "name": "48299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48299" }, { "name": "52333", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52333" }, { "name": "IV09202", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09202" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2011-4819", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "maximo-uisesionid-xss(72008)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72008" }, { "name": "48299", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48299" }, { "name": "52333", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52333" }, { "name": "IV09202", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09202" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2011-4819", "datePublished": "2012-03-13T01:00:00", "dateReserved": "2011-12-14T00:00:00", "dateUpdated": "2024-08-07T00:16:35.046Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-1124 (GCVE-0-2017-1124)
Vulnerability from cvelistv5
Published
2017-03-07 17:00
Modified
2024-08-05 13:25
CWE
- Obtain Information
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM Reference #: 1998053.
Impacted products
Vendor | Product | Version
---|---|---
IBM Corporation | Maximo Asset Management | 6.2, 7.1, 7.5, 7.5.0.0, 7.5.0.10, 7.1.0.0, 6.2.0.0, 7.2, 7.1.1, 7.1.2, 7.2.1, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 7.1.1.1, 7.1.1.10, 7.1.1.11, 7.1.1.12, 7.1.1.2, 7.1.1.5, 7.1.1.6, 7.1.1.7, 7.1.1.8, 7.1.1.9, 7.5.0.1, 7.5.0.2, 7.5.0.3, 7.5.0.4, 7.5.0.5, 7.6, 7.5.0, 7.6.0
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:25:17.096Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21998053" }, { "name": "96536", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96536" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM Corporation", "versions": [ { "status": "affected", "version": "6.2" }, { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.5" }, { "status": "affected", "version": "7.5.0.0" }, { "status": "affected", "version": "7.5.0.10" }, { "status": "affected", "version": "7.1.0.0" }, { "status": "affected", "version": "6.2.0.0" }, { "status": "affected", "version": "7.2" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "7.2.1" }, { "status": "affected", "version": "6.2.1" }, { "status": "affected", "version": "6.2.2" }, { "status": "affected", "version": "6.2.3" }, { "status": "affected", "version": "6.2.4" }, { "status": "affected", "version": "6.2.5" }, { "status": "affected", "version": "6.2.6" }, { "status": "affected", "version": "6.2.7" }, { "status": "affected", "version": "6.2.8" }, { "status": "affected", "version": "7.1.1.1" }, { "status": "affected", "version": "7.1.1.10" }, { "status": "affected", "version": "7.1.1.11" }, { "status": "affected", "version": "7.1.1.12" }, { "status": "affected", "version": "7.1.1.2" }, { "status": "affected", "version": "7.1.1.5" }, { "status": "affected", "version": "7.1.1.6" }, { "status": "affected", "version": "7.1.1.7" }, { "status": "affected", "version": "7.1.1.8" }, { "status": "affected", "version": "7.1.1.9" }, { "status": "affected", "version": "7.5.0.1" }, { "status": 
"affected", "version": "7.5.0.2" }, { "status": "affected", "version": "7.5.0.3" }, { "status": "affected", "version": "7.5.0.4" }, { "status": "affected", "version": "7.5.0.5" }, { "status": "affected", "version": "7.6" }, { "status": "affected", "version": "7.5.0" }, { "status": "affected", "version": "7.6.0" } ] } ], "datePublic": "2017-03-01T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM Reference #: 1998053." } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-08T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21998053" }, { "name": "96536", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96536" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2017-1124", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "6.2" }, { "version_value": "7.1" }, { "version_value": "7.5" }, { "version_value": "7.5.0.0" }, { "version_value": "7.5.0.10" }, { "version_value": "7.1.0.0" }, { "version_value": "6.2.0.0" }, { "version_value": "7.2" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "7.2.1" }, { "version_value": "6.2.1" }, { "version_value": "6.2.2" }, { "version_value": "6.2.3" }, { "version_value": "6.2.4" }, { "version_value": "6.2.5" }, { "version_value": "6.2.6" }, { "version_value": "6.2.7" }, { "version_value": "6.2.8" }, { "version_value": "7.1.1.1" }, { "version_value": "7.1.1.10" }, { "version_value": "7.1.1.11" }, { 
"version_value": "7.1.1.12" }, { "version_value": "7.1.1.2" }, { "version_value": "7.1.1.5" }, { "version_value": "7.1.1.6" }, { "version_value": "7.1.1.7" }, { "version_value": "7.1.1.8" }, { "version_value": "7.1.1.9" }, { "version_value": "7.5.0.1" }, { "version_value": "7.5.0.2" }, { "version_value": "7.5.0.3" }, { "version_value": "7.5.0.4" }, { "version_value": "7.5.0.5" }, { "version_value": "7.6" }, { "version_value": "7.5.0" }, { "version_value": "7.6.0" } ] } } ] }, "vendor_name": "IBM Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM Reference #: 1998053." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg21998053", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21998053" }, { "name": "96536", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96536" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1124", "datePublished": "2017-03-07T17:00:00", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-08-05T13:25:17.096Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-1352 (GCVE-0-2017-1352)
Vulnerability from cvelistv5
Published
2017-09-12 21:00
Modified
2024-09-16 17:08
CWE
- Gain Privileges
Summary
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538.
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.5, 7.6
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:32:29.243Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006650" }, { "name": "100697", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100697" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126538" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.5" }, { "status": "affected", "version": "7.6" } ] } ], "datePublic": "2017-09-06T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-13T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006650" }, { "name": "100697", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100697" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126538" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-09-06T00:00:00", "ID": "CVE-2017-1352", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.5" }, { "version_value": "7.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22006650", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22006650" }, { "name": "100697", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100697" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126538", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126538" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1352", "datePublished": "2017-09-12T21:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T17:08:59.295Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-4056 (GCVE-0-2019-4056)
Vulnerability from cvelistv5
Published
2019-06-06 00:35
Modified
2024-09-16 17:34
CWE
- File Manipulation
Summary
IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565.
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.6
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:26:27.951Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880149" }, { "name": "ibm-maximo-cve20194056-file-upload (156565)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156565" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6" } ] } ], "datePublic": "2019-06-03T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 Work Centers\u0027 application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/I:L/PR:L/AV:N/A:N/C:N/S:U/UI:N/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "File Manipulation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-06T00:35:18", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880149" }, { "name": "ibm-maximo-cve20194056-file-upload (156565)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/156565" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-06-03T00:00:00", "ID": "CVE-2019-4056", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6 Work Centers\u0027 application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "N", "I": "L", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "File Manipulation" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880149", "refsource": "CONFIRM", "title": "IBM Security Bulletin 880149 (Maximo Asset Management)", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880149" }, { "name": "ibm-maximo-cve20194056-file-upload (156565)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156565" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4056", "datePublished": "2019-06-06T00:35:18.806739Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T17:34:20.207Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-8987 (GCVE-0-2016-8987)
Vulnerability from cvelistv5
Published
2017-06-08 21:00
Modified
2024-08-06 02:35
CWE
- Obtain Information
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have access to view.
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.1, 7.5, 7.1.1, 7.6
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:35:02.333Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21996255" }, { "name": "97369", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97369" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119039" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.5" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.6" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have access to view." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-09T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21996255" }, { "name": "97369", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97369" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119039" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-8987", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.5" }, { "version_value": "7.1.1" }, { "version_value": "7.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have access to view." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg21996255", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21996255" }, { "name": "97369", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97369" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119039", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119039" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-8987", "datePublished": "2017-06-08T21:00:00", "dateReserved": "2016-10-25T00:00:00", "dateUpdated": "2024-08-06T02:35:02.333Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-1176 (GCVE-0-2017-1176)
Vulnerability from cvelistv5
Published
2017-07-05 17:00
Modified
2024-09-16 19:14
CWE
- Obtain Information
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. IBM X-Force ID: 123299.
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.1, 7.5, 7.1.1, 7.6
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:25:17.330Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123299" }, { "name": "99371", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99371" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22005210" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.5" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.6" } ] } ], "datePublic": "2017-06-30T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. IBM X-Force ID: 123299." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-06T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123299" }, { "name": "99371", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99371" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22005210" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-06-30T00:00:00", "ID": "CVE-2017-1176", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.5" }, { "version_value": "7.1.1" }, { "version_value": "7.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. IBM X-Force ID: 123299." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123299", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123299" }, { "name": "99371", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99371" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22005210", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22005210" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1176", "datePublished": "2017-07-05T17:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T19:14:14.342Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-38935 (GCVE-0-2021-38935)
Vulnerability from cvelistv5
Published
2022-02-18 17:35
Modified
2024-09-17 00:11
CWE
- Obtain Information
Summary
IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 210892.
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.6.1.2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:51:20.910Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6557318" }, { "name": "ibm-maximo-cve202138935-info-disc (210892)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210892" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.1.2" } ] } ], "datePublic": "2022-02-17T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 210892." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:H/A:N/S:U/AV:N/PR:N/UI:N/C:H/I:N/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-18T17:35:17", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6557318" }, { "name": "ibm-maximo-cve202138935-info-disc (210892)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/210892" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-02-17T00:00:00", "ID": "CVE-2021-38935", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6.1.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 210892." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6557318", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6557318 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/6557318" }, { "name": "ibm-maximo-cve202138935-info-disc (210892)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210892" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38935", "datePublished": "2022-02-18T17:35:17.263836Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-17T00:11:40.167Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-0399 (GCVE-0-2016-0399)
Vulnerability from cvelistv5
Published
2016-07-02 14:00
Modified
2024-08-05 22:15
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.9 IFIX007, and 7.6 before 7.6.0.5 FP005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:15:24.378Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984134" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-06-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.9 IFIX007, and 7.6 before 7.6.0.5 FP005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-07-02T14:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984134" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-0399", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.9 IFIX007, and 7.6 before 7.6.0.5 FP005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21984134", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984134" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-0399", "datePublished": "2016-07-02T14:00:00", "dateReserved": "2015-12-08T00:00:00", "dateUpdated": "2024-08-05T22:15:24.378Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-22435 (GCVE-0-2022-22435)
Vulnerability from cvelistv5
Published
2022-04-21 16:35
Modified
2024-09-16 19:20
CWE
- Cross-Site Scripting
Summary
IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
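References
URL | Tags
---|---
https://www.ibm.com/support/pages/node/6573669 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/224162 | vdb-entry, x_refsource_XF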
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Maximo Asset Management |
Version: 7.6.1.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:55.190Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6573669" }, { "name": "ibm-maximo-cve202222435-xss (224162)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/224162" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.1.2" } ] } ], "datePublic": "2022-04-20T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/UI:R/AV:N/PR:L/C:L/A:N/AC:L/S:C/I:L/E:H/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-21T16:35:17", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6573669" }, { "name": "ibm-maximo-cve202222435-xss (224162)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/224162" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-04-20T00:00:00", "ID": "CVE-2022-22435", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6.1.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6573669", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6573669 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/6573669" }, { "name": "ibm-maximo-cve202222435-xss (224162)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/224162" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-22435", "datePublished": "2022-04-21T16:35:17.627573Z", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2024-09-16T19:20:35.734Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1686 (GCVE-0-2018-1686)
Vulnerability from cvelistv5
Published
2018-10-05 13:00
Modified
2024-09-16 16:19
CWE
- Cross-Site Scripting
Summary
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145505.
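References
URL | Tags
---|---
https://exchange.xforce.ibmcloud.com/vulnerabilities/145505 | vdb-entry, x_refsource_XF
https://www.ibm.com/support/docview.wss?uid=ibm10728865 | x_refsource_CONFIRM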
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Maximo Asset Management |
Version: 7.6 Version: 7.6.0 Version: 7.6.0.1 Version: 7.6.1 Version: 7.6.2 Version: 7.6.2.1 Version: 7.6.2.2 Version: 7.6.2.3 Version: 7.6.2.4 Version: 7.6.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:07:44.362Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-maximo-cve20181686-xss(145505)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145505" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10728865" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6" }, { "status": "affected", "version": "7.6.0" }, { "status": "affected", "version": "7.6.0.1" }, { "status": "affected", "version": "7.6.1" }, { "status": "affected", "version": "7.6.2" }, { "status": "affected", "version": "7.6.2.1" }, { "status": "affected", "version": "7.6.2.2" }, { "status": "affected", "version": "7.6.2.3" }, { "status": "affected", "version": "7.6.2.4" }, { "status": "affected", "version": "7.6.3" } ] } ], "datePublic": "2018-10-03T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145505." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-05T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-maximo-cve20181686-xss(145505)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145505" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10728865" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-10-03T00:00:00", "ID": "CVE-2018-1686", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6" }, { "version_value": "7.6.0" }, { "version_value": "7.6.0.1" }, { "version_value": "7.6.1" }, { "version_value": "7.6.2" }, { "version_value": "7.6.2.1" }, { "version_value": "7.6.2.2" }, { "version_value": "7.6.2.3" }, { "version_value": "7.6.2.4" }, { "version_value": "7.6.3" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. 
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145505." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-maximo-cve20181686-xss(145505)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145505" }, { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10728865", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10728865" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1686", "datePublished": "2018-10-05T13:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T16:19:07.337Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-4016 (GCVE-0-2013-4016)
Vulnerability from cvelistv5
Published
2014-05-26 16:00
Modified
2024-08-06 16:30
CWE
- n/a
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text.
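References
URL | Tags
---|---
http://www-01.ibm.com/support/docview.wss?uid=swg21670870 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/85793 | vdb-entry, x_refsource_XF
http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871 | vendor-advisory, x_refsource_AIXAPAR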
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:30:49.379Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20134016-sqli(85793)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85793" }, { "name": "IV41871", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20134016-sqli(85793)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85793" }, { "name": "IV41871", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-4016", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20134016-sqli(85793)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85793" }, { "name": "IV41871", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-4016", "datePublished": "2014-05-26T16:00:00", "dateReserved": "2013-06-07T00:00:00", "dateUpdated": "2024-08-06T16:30:49.379Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4818 (GCVE-0-2011-4818)
Vulnerability from cvelistv5
Published
2012-03-13 01:00
Modified
2024-08-07 00:16
CWE
- n/a
Summary
Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the uisessionid parameter to an unspecified component.
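References
URL | Tags
---|---
https://exchange.xforce.ibmcloud.com/vulnerabilities/72006 | vdb-entry, x_refsource_XF
http://www.ibm.com/support/docview.wss?uid=swg21584666 | x_refsource_CONFIRM
http://secunia.com/advisories/48299 | third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg1IV09200 | vendor-advisory, x_refsource_AIXAPAR
http://www.securityfocus.com/bid/52333 | vdb-entry, x_refsource_BID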
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:16:35.027Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "maximo-uisessionid-open-redirect(72006)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72006" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48299" }, { "name": "IV09200", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09200" }, { "name": "52333", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52333" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-02-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the uisessionid parameter to an unspecified component." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-09T17:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "maximo-uisessionid-open-redirect(72006)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72006" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48299" }, { "name": "IV09200", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09200" }, { "name": "52333", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52333" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2011-4818", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the uisessionid parameter to an unspecified component." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "maximo-uisessionid-open-redirect(72006)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72006" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48299" }, { "name": "IV09200", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09200" }, { "name": "52333", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52333" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2011-4818", "datePublished": "2012-03-13T01:00:00", "dateReserved": "2011-12-14T00:00:00", "dateUpdated": "2024-08-07T00:16:35.027Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-4650 (GCVE-0-2019-4650)
Vulnerability from cvelistv5
Published
2020-06-26 13:45
Modified
2024-09-17 04:14
CWE
- Data Manipulation
Summary
IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170961.
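References
URL | Tags
---|---
https://www.ibm.com/support/pages/node/6223922 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/170961 | vdb-entry, x_refsource_XF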
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Maximo Asset Management |
Version: 7.6.1.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:48.180Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6223922" }, { "name": "ibm-maximo-cve20194650-sql-injection (170961)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170961" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.1.1" } ] } ], "datePublic": "2020-06-24T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170961." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:L/AV:N/AC:L/I:L/UI:N/S:U/C:L/PR:L/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Data Manipulation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-26T13:45:30", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6223922" }, { "name": "ibm-maximo-cve20194650-sql-injection (170961)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170961" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-06-24T00:00:00", "ID": "CVE-2019-4650", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6.1.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170961." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Data Manipulation" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6223922", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6223922 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/6223922" }, { "name": "ibm-maximo-cve20194650-sql-injection (170961)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170961" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4650", "datePublished": "2020-06-26T13:45:30.407618Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T04:14:29.055Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-7395 (GCVE-0-2015-7395)
Vulnerability from cvelistv5
Published
2015-11-08 02:00
Modified
2024-08-06 07:51
CWE
- n/a
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended work-order change restrictions via unspecified vectors.
References
URL | Tags
---|---
http://www-01.ibm.com/support/docview.wss?uid=swg21969072 | x_refsource_CONFIRM
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:51:27.264Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969072" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-10-30T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended work-order change restrictions via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-11-08T02:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969072" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-7395", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended work-order change restrictions via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21969072", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969072" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-7395", "datePublished": "2015-11-08T02:00:00", "dateReserved": "2015-09-29T00:00:00", "dateUpdated": "2024-08-06T07:51:27.264Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-2998 (GCVE-0-2013-2998)
Vulnerability from cvelistv5
Published
2014-05-26 10:00
Modified
2024-08-06 15:52
CWE
- n/a
Summary
frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive information via an invalid action_code.
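References
URL | Tags
---|---
http://www-01.ibm.com/support/docview.wss?uid=swg1IV34110 | vendor-advisory, x_refsource_AIXAPAR
http://www-01.ibm.com/support/docview.wss?uid=swg21670870 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/84841 | vdb-entry, x_refsource_XF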
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:52:21.683Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV34110", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV34110" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20132998-info-disc(84841)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84841" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive information via an invalid action_code." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IV34110", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV34110" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20132998-info-disc(84841)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84841" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-2998", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive information via an invalid action_code." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV34110", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV34110" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20132998-info-disc(84841)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84841" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-2998", "datePublished": "2014-05-26T10:00:00", "dateReserved": "2013-04-12T00:00:00", "dateUpdated": "2024-08-06T15:52:21.683Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-1933 (GCVE-0-2015-1933)
Vulnerability from cvelistv5
Published
2015-10-04 01:00
Modified
2024-08-06 05:02
CWE
- n/a
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not have an off autocomplete attribute for the password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T05:02:41.775Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965080" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-08-31T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not have an off autocomplete attribute for the password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-10-04T02:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965080" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-1933", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not have an off autocomplete attribute for the password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21965080", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965080" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-1933", "datePublished": "2015-10-04T01:00:00", "dateReserved": "2015-02-19T00:00:00", "dateUpdated": "2024-08-06T05:02:41.775Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-3323 (GCVE-0-2013-3323)
Vulnerability from cvelistv5
Published
2020-02-18 16:03
Modified
2024-08-06 16:07
CWE
- n/a
Summary
A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:07:37.047Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securityfocus.com/bid/62685" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/235239" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-18T16:03:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.securityfocus.com/bid/62685" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/235239" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3323", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.securityfocus.com/bid/62685", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/62685" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240" }, { "name": "https://www.ibm.com/support/pages/node/235239", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/pages/node/235239" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3323", "datePublished": "2020-02-18T16:03:12", "dateReserved": "2013-05-06T00:00:00", "dateUpdated": "2024-08-06T16:07:37.047Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0747 (GCVE-0-2012-0747)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 18:38
CWE
- n/a
Summary
SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:38:13.981Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "85186", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/85186" }, { "name": "IV16032", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16032" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50551" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "ibm-maximo-sql-injection-iv16032(74731)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74731" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-04T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "85186", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/85186" }, { "name": "IV16032", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16032" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50551" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "ibm-maximo-sql-injection-iv16032(74731)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74731" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-0747", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "85186", "refsource": "OSVDB", "url": "http://osvdb.org/85186" }, { "name": "IV16032", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16032" }, { "name": "50551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50551" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "ibm-maximo-sql-injection-iv16032(74731)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74731" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-0747", "datePublished": "2012-09-10T17:00:00", "dateReserved": "2012-01-17T00:00:00", "dateUpdated": "2024-08-06T18:38:13.981Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1414 (GCVE-0-2018-1414)
Vulnerability from cvelistv5
Published
2018-02-22 19:00
Modified
2024-09-17 03:59
CWE
- Data Manipulation
Summary
IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.5, 7.6
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:59:39.037Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "103154", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103154" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138820" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22013797" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.5" }, { "status": "affected", "version": "7.6" } ] } ], "datePublic": "2018-02-20T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Data Manipulation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-27T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "103154", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103154" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138820" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22013797" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-02-20T00:00:00", "ID": "CVE-2018-1414", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.5" }, { "version_value": "7.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Data Manipulation" } ] } ] }, "references": { "reference_data": [ { "name": "103154", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103154" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138820", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138820" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22013797", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22013797" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1414", "datePublished": "2018-02-22T19:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-17T03:59:50.300Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-29854 (GCVE-0-2021-29854)
Vulnerability from cvelistv5
Published
2022-05-03 18:20
Modified
2024-09-16 19:51
CWE
- Gain Access
Summary
IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 205680.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.6.1.1, 7.6.1.2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:18:03.163Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6579187" }, { "name": "ibm-maximo-cve202129854-header-injection (205680)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205680" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.1.1" }, { "status": "affected", "version": "7.6.1.2" } ] } ], "datePublic": "2022-05-02T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 205680." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/UI:N/PR:L/C:L/S:U/AV:N/I:L/A:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-03T18:20:11", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6579187" }, { "name": "ibm-maximo-cve202129854-header-injection (205680)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205680" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-05-02T00:00:00", "ID": "CVE-2021-29854", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6.1.1" }, { "version_value": "7.6.1.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. 
By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 205680." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6579187", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6579187 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/6579187" }, { "name": "ibm-maximo-cve202129854-header-injection (205680)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205680" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29854", "datePublished": "2022-05-03T18:20:11.758584Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-16T19:51:21.262Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-0451 (GCVE-0-2013-0451)
Vulnerability from cvelistv5
Published
2013-10-01 10:00
Modified
2024-08-06 14:25
CWE
- n/a
Summary
SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 through 7.1.1.12 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:25:10.475Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55070" }, { "name": "IV24726", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV24726" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20130451-sql-injection(80967)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80967" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 through 7.1.1.12 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55070" }, { "name": "IV24726", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV24726" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20130451-sql-injection(80967)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80967" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-0451", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 through 7.1.1.12 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "55070", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55070" }, { "name": "IV24726", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV24726" }, { "name": "55068", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55068" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20130451-sql-injection(80967)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80967" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-0451", "datePublished": "2013-10-01T10:00:00", "dateReserved": "2012-12-16T00:00:00", "dateUpdated": "2024-08-06T14:25:10.475Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-4013 (GCVE-0-2013-4013)
Vulnerability from cvelistv5
Published
2013-10-01 10:00
Modified
2024-08-06 16:30
CWE
- n/a
Summary
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:30:49.378Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55070" }, { "name": "IV39202", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV39202" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20134013-infodisc(85791)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85791" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55070" }, { "name": "IV39202", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV39202" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20134013-infodisc(85791)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85791" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-4013", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "55070", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55070" }, { "name": "IV39202", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV39202" }, { "name": "55068", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55068" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20134013-infodisc(85791)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85791" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-4013", "datePublished": "2013-10-01T10:00:00", "dateReserved": "2013-06-07T00:00:00", "dateUpdated": "2024-08-06T16:30:49.378Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-20374 (GCVE-0-2021-20374)
Vulnerability from cvelistv5
Published
2021-05-19 19:40
Modified
2024-09-16 22:20
CWE
- Cross-Site Scripting
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195522.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.6.0, 7.6.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:37:24.126Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6454205" }, { "name": "ibm-maximo-cve202120374-xss (195522)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195522" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.0" }, { "status": "affected", "version": "7.6.1" } ] } ], "datePublic": "2021-05-18T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195522." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/S:U/AV:N/I:L/PR:N/C:L/A:N/AC:L/RC:C/E:H/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-19T19:40:21", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6454205" }, { "name": "ibm-maximo-cve202120374-xss (195522)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195522" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-05-18T00:00:00", "ID": "CVE-2021-20374", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6.0" }, { "version_value": "7.6.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195522." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6454205", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6454205 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/6454205" }, { "name": "ibm-maximo-cve202120374-xss (195522)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195522" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-20374", "datePublished": "2021-05-19T19:40:21.127628Z", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-09-16T22:20:54.229Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-0915 (GCVE-0-2014-0915)
Vulnerability from cvelistv5
Published
2014-07-30 10:00
Modified
2024-08-06 09:27
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:27:20.309Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894" }, { "name": "59640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59640" }, { "name": "IV56680", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680" }, { "name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded" }, { "name": "59570", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59570" }, { "name": "ibm-maximo-cve20140915-xss(91884)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-07-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894" }, { "name": "59640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59640" }, { "name": "IV56680", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680" }, { "name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded" }, { "name": "59570", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59570" }, { "name": "ibm-maximo-cve20140915-xss(91884)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-0915", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and 
certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894" }, { "name": "59640", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59640" }, { "name": "IV56680", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680" }, { "name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded" }, { "name": "59570", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59570" }, { "name": "ibm-maximo-cve20140915-xss(91884)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-0915", "datePublished": "2014-07-30T10:00:00", "dateReserved": "2014-01-06T00:00:00", "dateUpdated": "2024-08-06T09:27:20.309Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-0107 (GCVE-0-2015-0107)
Vulnerability from cvelistv5
Published
2017-04-24 06:12
Modified
2024-08-06 03:55
CWE
- n/a
Summary
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:55:28.081Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "97998", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97998" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-01-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-04-26T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "97998", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97998" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-0107", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "97998", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97998" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-0107", "datePublished": "2017-04-24T06:12:00", "dateReserved": "2014-11-18T00:00:00", "dateUpdated": "2024-08-06T03:55:28.081Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-3025 (GCVE-0-2014-3025)
Vulnerability from cvelistv5
Published
2014-07-30 10:00
Modified
2024-08-06 10:28
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:28:46.365Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754" }, { "name": "59640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59640" }, { "name": "ibm-maximo-cve20143025-xss(93064)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064" }, { "name": "59570", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59570" }, { "name": "IV57241", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-07-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754" }, { "name": "59640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59640" }, { "name": "ibm-maximo-cve20143025-xss(93064)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064" }, { "name": "59570", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59570" }, { "name": "IV57241", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-3025", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754" }, { "name": "59640", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59640" }, { "name": "ibm-maximo-cve20143025-xss(93064)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064" }, { "name": "59570", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59570" }, { "name": "IV57241", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-3025", "datePublished": "2014-07-30T10:00:00", "dateReserved": "2014-04-29T00:00:00", "dateUpdated": "2024-08-06T10:28:46.365Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-29744 (GCVE-0-2021-29744)
Vulnerability from cvelistv5
Published
2021-08-27 15:20
Modified
2024-09-16 22:30
CWE
- Cross-Site Scripting
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201694.
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.6.0, 7.6.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:18:02.501Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6484391" }, { "name": "ibm-maximo-cve202129744-xss (201694)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201694" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.0" }, { "status": "affected", "version": "7.6.1" } ] } ], "datePublic": "2021-08-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201694." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/A:N/UI:R/AC:L/S:C/C:L/AV:N/I:L/PR:L/RC:C/RL:O/E:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-27T15:20:11", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6484391" }, { "name": "ibm-maximo-cve202129744-xss (201694)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201694" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-08-26T00:00:00", "ID": "CVE-2021-29744", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6.0" }, { "version_value": "7.6.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201694." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6484391", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6484391 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/6484391" }, { "name": "ibm-maximo-cve202129744-xss (201694)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201694" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29744", "datePublished": "2021-08-27T15:20:11.117113Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-16T22:30:22.663Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-3972 (GCVE-0-2013-3972)
Vulnerability from cvelistv5
Published
2013-10-01 10:00
Modified
2024-08-06 16:30
CWE
- n/a
Summary
IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:30:49.081Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV39089", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV39089" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20133972-infodisc(84849)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84849" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IV39089", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV39089" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20133972-infodisc(84849)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84849" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-3972", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV39089", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV39089" }, { "name": "55068", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55068" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20133972-infodisc(84849)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84849" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-3972", "datePublished": "2013-10-01T10:00:00", "dateReserved": "2013-06-07T00:00:00", "dateUpdated": "2024-08-06T16:30:49.081Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-4446 (GCVE-0-2019-4446)
Vulnerability from cvelistv5
Published
2020-04-17 13:25
Modified
2024-09-16 17:38
CWE
- Obtain Information
Summary
IBM Maximo Asset Management 7.6 could allow an authenticated user to perform actions they are not authorized to perform by modifying request parameters. IBM X-Force ID: 163490.
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.6
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:33:38.016Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6190215" }, { "name": "ibm-maximo-cve20194446-insecure-perms (163490)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163490" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6" } ] } ], "datePublic": "2020-04-16T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/AV:N/PR:L/A:N/I:L/S:U/C:L/AC:L/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-17T13:25:25", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6190215" }, { "name": "ibm-maximo-cve20194446-insecure-perms (163490)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/163490" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-04-16T00:00:00", "ID": "CVE-2019-4446", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6190215", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6190215 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/6190215" }, { "name": "ibm-maximo-cve20194446-insecure-perms (163490)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163490" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4446", "datePublished": "2020-04-17T13:25:25.783081Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T17:38:35.193Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-3047 (GCVE-0-2013-3047)
Vulnerability from cvelistv5
Published
2013-10-01 10:00
Modified
2024-08-06 16:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors.
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:00:09.599Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV35721", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV35721" }, { "name": "maximo-cve20133047-priv-esc(84844)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84844" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IV35721", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV35721" }, { "name": "maximo-cve20133047-priv-esc(84844)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84844" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-3047", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV35721", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV35721" }, { "name": "maximo-cve20133047-priv-esc(84844)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84844" }, { "name": "55068", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55068" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-3047", "datePublished": "2013-10-01T10:00:00", "dateReserved": "2013-04-12T00:00:00", "dateUpdated": "2024-08-06T16:00:09.599Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4816 (GCVE-0-2011-4816)
Vulnerability from cvelistv5
Published
2012-03-13 01:00
Modified
2024-08-07 00:16
CWE
- n/a
Summary
SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:16:35.026Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "maximo-kpi-sql-injection(72001)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72001" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48299" }, { "name": "48305", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48305" }, { "name": "52333", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52333" }, { "name": "IV09194", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09194" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-02-14T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-09T17:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "maximo-kpi-sql-injection(72001)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72001" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48299" }, { "name": "48305", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48305" }, { "name": "52333", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52333" }, { "name": "IV09194", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09194" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2011-4816", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "maximo-kpi-sql-injection(72001)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72001" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48299" }, { "name": "48305", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48305" }, { "name": "52333", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52333" }, { "name": "IV09194", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09194" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2011-4816", "datePublished": "2012-03-13T01:00:00", "dateReserved": "2011-12-14T00:00:00", "dateUpdated": "2024-08-07T00:16:35.026Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-4463 (GCVE-0-2020-4463)
Vulnerability from cvelistv5
Published
2020-07-29 14:05
Modified
2024-09-16 21:02
CWE
- Obtain Information
Summary
IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181484.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Maximo Asset Management |
Version: 7.6.0.1 Version: 7.6.0.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:07:48.747Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6253953" }, { "name": "ibm-maximo-cve20204463-xxe (181484)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181484" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.0.1" }, { "status": "affected", "version": "7.6.0.2" } ] } ], "datePublic": "2020-07-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181484." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.1, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/S:U/PR:N/UI:N/AV:N/I:N/C:H/AC:L/A:L/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-29T14:05:29", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6253953" }, { "name": "ibm-maximo-cve20204463-xxe (181484)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181484" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-07-28T00:00:00", "ID": "CVE-2020-4463", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6.0.1" }, { "version_value": "7.6.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181484." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "L", "AV": "N", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6253953", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6253953 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/6253953" }, { "name": "ibm-maximo-cve20204463-xxe (181484)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181484" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4463", "datePublished": "2020-07-29T14:05:29.553567Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T21:02:19.753Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-4478 (GCVE-0-2019-4478)
Vulnerability from cvelistv5
Published
2020-05-12 13:40
Modified
2024-09-17 02:21
CWE
- Obtain Information
Summary
IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Maximo Asset Management |
Version: 7.6.0 Version: 7.6.1 Version: 7.6.1.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:33:38.159Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6208436" }, { "name": "ibm-maximo-cve20194478-info-disc (163998)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163998" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.0" }, { "status": "affected", "version": "7.6.1" }, { "status": "affected", "version": "7.6.1.1" } ] } ], "datePublic": "2020-05-11T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/AV:N/I:N/S:U/UI:N/AC:L/C:H/PR:L/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-12T13:40:16", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6208436" }, { "name": "ibm-maximo-cve20194478-info-disc (163998)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163998" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-05-11T00:00:00", "ID": "CVE-2019-4478", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6.0" }, { "version_value": "7.6.1" }, { "version_value": "7.6.1.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "H", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6208436", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6208436 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/6208436" }, { "name": "ibm-maximo-cve20194478-info-disc (163998)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163998" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4478", "datePublished": "2020-05-12T13:40:16.773845Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T02:21:03.520Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-6356 (GCVE-0-2012-6356)
Vulnerability from cvelistv5
Published
2013-02-20 11:00
Modified
2024-08-06 21:28
CWE
- n/a
Summary
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.917Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "IV27329", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV27329" }, { "name": "mam-import-fct-priv-esc(80748)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80748" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "IV27329", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV27329" }, { "name": "mam-import-fct-priv-esc(80748)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80748" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-6356", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "IV27329", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV27329" }, { "name": "mam-import-fct-priv-esc(80748)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80748" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-6356", "datePublished": "2013-02-20T11:00:00", "dateReserved": "2012-12-16T00:00:00", "dateUpdated": "2024-08-06T21:28:39.917Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-35645 (GCVE-0-2022-35645)
Vulnerability from cvelistv5
Published
2023-03-02 20:14
Modified
2025-03-05 19:53
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230958.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
► | IBM | Maximo Asset Management |
Version: 7.6.1.1, 7.6.1.2, 7.6.1.3 |
||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:36:44.454Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6959353" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6959355" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230958" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-35645", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-05T19:53:12.477461Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-05T19:53:18.251Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.1.1, 7.6.1.2, 7.6.1.3" } ] }, { "defaultStatus": "unaffected", "product": "Maximo Application Suite", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.8, 8.9" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230958." } ], "value": "IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting. 
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230958." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-02T20:14:56.934Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6959353" }, { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6959355" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230958" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Maximo Asset Management cross-site scripting", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-35645", "datePublished": "2023-03-02T20:14:56.934Z", "dateReserved": "2022-07-11T18:50:45.488Z", "dateUpdated": "2025-03-05T19:53:18.251Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-2987 (GCVE-0-2025-2987)
Vulnerability from cvelistv5
Published
2025-04-21 23:24
Modified
2025-04-22 02:10
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Maximo Asset Management |
Version: 7.6.1.3 cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-2987", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-22T02:10:46.181147Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-22T02:10:57.075Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.1.3" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks." } ], "value": "IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-21T23:24:30.724Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7231390" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Maximo Asset Management server-side request forgery", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2025-2987", "datePublished": "2025-04-21T23:24:30.724Z", "dateReserved": "2025-03-30T12:39:18.696Z", "dateUpdated": "2025-04-22T02:10:57.075Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-5395 (GCVE-0-2013-5395)
Vulnerability from cvelistv5
Published
2013-10-01 10:00
Modified
2024-08-06 17:06
CWE
- n/a
Summary
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to bypass intended access restrictions via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:06:52.490Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55070" }, { "name": "maximo-cve20135395-sec-bypass(87157)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87157" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "IV32526", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV32526" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to bypass intended access restrictions via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55070" }, { "name": "maximo-cve20135395-sec-bypass(87157)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87157" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "IV32526", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV32526" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-5395", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to bypass intended access restrictions via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "55070", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55070" }, { "name": "maximo-cve20135395-sec-bypass(87157)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87157" }, { "name": "55068", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55068" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "IV32526", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV32526" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-5395", "datePublished": "2013-10-01T10:00:00", "dateReserved": "2013-08-22T00:00:00", "dateUpdated": "2024-08-06T17:06:52.490Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-0262 (GCVE-0-2016-0262)
Vulnerability from cvelistv5
Published
2016-03-14 01:00
Modified
2024-08-05 22:15
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1.1 through 7.1.1.3, 7.5.0 before 7.5.0.9 IFIX004, and 7.6.0 before 7.6.0.3 IFIX001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
URL | Tags
---|---
http://www-01.ibm.com/support/docview.wss?uid=swg21977828 | x_refsource_CONFIRM
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:15:23.203Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977828" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1.1 through 7.1.1.3, 7.5.0 before 7.5.0.9 IFIX004, and 7.6.0 before 7.6.0.3 IFIX001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-03-14T01:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977828" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-0262", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1.1 through 7.1.1.3, 7.5.0 before 7.5.0.9 IFIX004, and 7.6.0 before 7.6.0.3 IFIX001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21977828", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977828" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-0262", "datePublished": "2016-03-14T01:00:00", "dateReserved": "2015-12-08T00:00:00", "dateUpdated": "2024-08-05T22:15:23.203Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-1951 (GCVE-0-2015-1951)
Vulnerability from cvelistv5
Published
2015-07-01 10:00
Modified
2024-08-06 05:02
CWE
- n/a
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.0 IFIX005 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation.
References
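URL | Tags
---|---
http://www.securityfocus.com/bid/75340 | vdb-entry, x_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=swg21959613 | x_refsource_CONFIRM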
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T05:02:43.404Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "75340", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/75340" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959613" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-06-19T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.0 IFIX005 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-28T20:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "75340", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/75340" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959613" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-1951", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.0 
IFIX005 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "75340", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75340" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21959613", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959613" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-1951", "datePublished": "2015-07-01T10:00:00", "dateReserved": "2015-02-19T00:00:00", "dateUpdated": "2024-08-06T05:02:43.404Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-32332 (GCVE-0-2023-32332)
Vulnerability from cvelistv5
Published
2023-09-08 19:55
Modified
2024-09-26 14:13
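Severity
5.4 MEDIUM (CVSS 3.1 base score from the CNA record; vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)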
CWE
- CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Summary
IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 255072.
References
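URL | Tags
---|---
https://www.ibm.com/support/pages/node/7030367 | vendor-advisory
https://www.ibm.com/support/pages/node/7030926 | vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/255072 | vdb-entry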
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.6.1.2, 7.6.1.3
IBM | Maximo Application Suite | 8.9, 8.10
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:10:24.876Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7030367" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7030926" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/255072" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-32332", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T14:13:05.628463Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T14:13:16.283Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.1.2, 7.6.1.3" } ] }, { "defaultStatus": "unaffected", "product": "Maximo Application Suite", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.9, 8.10" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site. IBM X-Force ID: 255072." } ], "value": "IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. 
A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site. IBM X-Force ID: 255072." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-08T19:55:17.970Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7030367" }, { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7030926" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/255072" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Maximo Application Suite and IBM Maximo Asset Management HTML injection", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-32332", "datePublished": "2023-09-08T19:55:17.970Z", "dateReserved": "2023-05-08T18:32:34.088Z", "dateUpdated": "2024-09-26T14:13:16.283Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-1292 (GCVE-0-2017-1292)
Vulnerability from cvelistv5
Published
2017-05-26 16:00
Modified
2024-08-05 13:32
CWE
- Obtain Information
Summary
IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153.
References
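URL | Tags
---|---
https://exchange.xforce.ibmcloud.com/vulnerabilities/125153 | x_refsource_MISC
http://www.ibm.com/support/docview.wss?uid=swg22003414 | x_refsource_CONFIRM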
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.5, 7.6
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:32:29.409Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125153" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22003414" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.5" }, { "status": "affected", "version": "7.6" } ] } ], "datePublic": "2017-05-23T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153." } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-26T15:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125153" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22003414" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2017-1292", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.5" }, { "version_value": "7.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive 
information that could be used in further attacks against the system. IBM X-Force ID: 125153." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125153", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125153" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22003414", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22003414" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1292", "datePublished": "2017-05-26T16:00:00", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-08-05T13:32:29.409Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-4530 (GCVE-0-2019-4530)
Vulnerability from cvelistv5
Published
2019-11-20 16:16
Modified
2024-09-17 04:09
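Severity
4.3 MEDIUM base, 3.8 LOW temporal (CVSS 3.0 scores from the CNA record; vector as recorded: CVSS:3.0/C:N/PR:L/S:U/UI:N/AC:L/A:N/AV:N/I:L/RL:O/RC:C/E:U)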
CWE
- Gain Privileges
Summary
IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an authenticated user to delete a record that they should not normally be able to. IBM X-Force ID: 165586.
References
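URL | Tags
---|---
https://www.ibm.com/support/pages/node/1108503 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/165586 | vdb-entry, x_refsource_XF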
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.6, 7.6.1, 7.6.1.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:47.298Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1108503" }, { "name": "ibm-maximo-cve20194530-priv-escalation (165586)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165586" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6" }, { "status": "affected", "version": "7.6.1" }, { "status": "affected", "version": "7.6.1.1" } ] } ], "datePublic": "2019-11-19T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an authenticated user to delete a record that they should not normally be able to. IBM X-Force ID: 165586." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:N/PR:L/S:U/UI:N/AC:L/A:N/AV:N/I:L/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-20T16:16:11", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1108503" }, { "name": "ibm-maximo-cve20194530-priv-escalation (165586)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165586" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-11-19T00:00:00", "ID": "CVE-2019-4530", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6" }, { "version_value": "7.6.1" }, { "version_value": "7.6.1.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an authenticated user to delete a record that they should not normally be able to. IBM X-Force ID: 165586." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "N", "I": "L", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1108503", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1108503 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/1108503" }, { "name": "ibm-maximo-cve20194530-priv-escalation (165586)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165586" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4530", "datePublished": "2019-11-20T16:16:11.268913Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T04:09:08.763Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-35714 (GCVE-0-2022-35714)
Vulnerability from cvelistv5
Published
2022-08-26 17:25
Modified
2024-09-16 19:50
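Severity
5.4 MEDIUM base, 5.2 MEDIUM temporal (CVSS 3.0 scores from the CNA record; vector as recorded: CVSS:3.0/C:L/A:N/UI:R/S:C/AV:N/PR:L/I:L/AC:L/RL:O/RC:C/E:H)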
CWE
- Cross-Site Scripting
Summary
IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231116.
References
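URL | Tags
---|---
https://www.ibm.com/support/pages/node/6615273 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/231116 | vdb-entry, x_refsource_XF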
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.6.1.1, 7.6.1.2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:44:21.532Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6615273" }, { "name": "ibm-maximo-cve202235714-xss (231116)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/231116" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.1.1" }, { "status": "affected", "version": "7.6.1.2" } ] } ], "datePublic": "2022-08-25T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231116." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/C:L/A:N/UI:R/S:C/AV:N/PR:L/I:L/AC:L/RL:O/RC:C/E:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-26T17:25:13", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6615273" }, { "name": "ibm-maximo-cve202235714-xss (231116)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/231116" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-08-25T00:00:00", "ID": "CVE-2022-35714", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6.1.1" }, { "version_value": "7.6.1.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231116." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6615273", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6615273 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/6615273" }, { "name": "ibm-maximo-cve202235714-xss (231116)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/231116" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-35714", "datePublished": "2022-08-26T17:25:13.437104Z", "dateReserved": "2022-07-12T00:00:00", "dateUpdated": "2024-09-16T19:50:56.580Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-32333 (GCVE-0-2023-32333)
Vulnerability from cvelistv5
Published
2024-02-02 01:55
Modified
2024-08-02 15:10
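Severity
6.5 MEDIUM (CVSS 3.1 base score from the CNA record; vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)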
CWE
- CWE-284 - Improper Access Control
Summary
IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: 255073.
References
URL | Tags
---|---
https://www.ibm.com/support/pages/node/7112388 | vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/255073 | vdb-entry
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.6.1.3
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "maximo_asset_management", "vendor": "ibm", "versions": [ { "status": "affected", "version": "7.6.1.3" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-32333", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-25T14:12:22.084368Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-25T14:13:19.820Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T15:10:24.930Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7112388" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/255073" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.1.3" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: 255073." } ], "value": "IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: 255073." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-02T01:55:05.695Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7112388" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/255073" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Maximo Asset Management improper access control", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-32333", "datePublished": "2024-02-02T01:55:05.695Z", "dateReserved": "2023-05-08T18:32:34.088Z", "dateUpdated": "2024-08-02T15:10:24.930Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-0289 (GCVE-0-2016-0289)
Vulnerability from cvelistv5
Published
2016-04-04 14:00
Modified
2024-08-05 22:15
CWE
- n/a
Summary
shiprec.xml in the SHIPREC application in IBM Maximo Asset Management 7.1 and 7.5 before 7.5.0.10 and 7.6 before 7.6.0.4 allows remote authenticated users to bypass intended item-selection restrictions via unspecified vectors.
References
URL | Tags
---|---
http://www-01.ibm.com/support/docview.wss?uid=swg21979519 | x_refsource_CONFIRM
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:15:23.229Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979519" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-03-22T00:00:00", "descriptions": [ { "lang": "en", "value": "shiprec.xml in the SHIPREC application in IBM Maximo Asset Management 7.1 and 7.5 before 7.5.0.10 and 7.6 before 7.6.0.4 allows remote authenticated users to bypass intended item-selection restrictions via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-04-04T13:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979519" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-0289", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "shiprec.xml in the SHIPREC application in IBM Maximo Asset Management 7.1 and 7.5 before 7.5.0.10 and 7.6 before 7.6.0.4 allows remote authenticated users to bypass intended item-selection restrictions via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21979519", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979519" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-0289", "datePublished": "2016-04-04T14:00:00", "dateReserved": "2015-12-08T00:00:00", "dateUpdated": "2024-08-05T22:15:23.229Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0195 (GCVE-0-2012-0195)
Vulnerability from cvelistv5
Published
2012-03-13 01:00
Modified
2024-08-06 18:16
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:16:19.457Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48299" }, { "name": "IV09198", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09198" }, { "name": "48305", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48305" }, { "name": "52333", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52333" }, { "name": "mam-sclc-xss(72612)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72612" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-02-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-09T17:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48299" }, { "name": "IV09198", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09198" }, { "name": "48305", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48305" }, { "name": "52333", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52333" }, { "name": "mam-sclc-xss(72612)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72612" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-0195", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48299" }, { "name": "IV09198", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09198" }, { "name": "48305", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48305" }, { "name": "52333", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52333" }, { "name": "mam-sclc-xss(72612)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72612" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-0195", "datePublished": "2012-03-13T01:00:00", "dateReserved": "2011-12-14T00:00:00", "dateUpdated": "2024-08-06T18:16:19.457Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-29743 (GCVE-0-2021-29743)
Vulnerability from cvelistv5
Published
2021-08-30 17:00
Modified
2024-09-17 03:08
CWE
- Cross-Site Scripting
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201693.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | Version: 7.6.0; Version: 7.6.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:18:02.438Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6484679" }, { "name": "ibm-maximo-cve202129743-xss (201693)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201693" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.0" }, { "status": "affected", "version": "7.6.1" } ] } ], "datePublic": "2021-08-27T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201693." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 6.1, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/I:L/S:C/A:N/PR:L/C:L/AC:L/AV:N/UI:N/RL:O/RC:C/E:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-30T17:00:29", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6484679" }, { "name": "ibm-maximo-cve202129743-xss (201693)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201693" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-08-27T00:00:00", "ID": "CVE-2021-29743", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6.0" }, { "version_value": "7.6.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201693." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "N" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6484679", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6484679 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/6484679" }, { "name": "ibm-maximo-cve202129743-xss (201693)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201693" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29743", "datePublished": "2021-08-30T17:00:29.143591Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-17T03:08:27.336Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-4430 (GCVE-0-2019-4430)
Vulnerability from cvelistv5
Published
2019-07-17 14:05
Modified
2024-09-17 03:02
CWE
- Obtain Information
Summary
IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162887.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | Version: 7.6
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:33:37.944Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10959173" }, { "name": "ibm-maximo-cve20194430-info-disc (162887)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162887" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6" } ] } ], "datePublic": "2019-07-15T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162887." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/AC:L/A:N/I:N/AV:N/PR:L/S:U/C:L/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-17T14:05:21", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10959173" }, { "name": "ibm-maximo-cve20194430-info-disc (162887)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162887" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-07-15T00:00:00", "ID": "CVE-2019-4430", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162887." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10959173", "refsource": "CONFIRM", "title": "IBM Security Bulletin 959173 (Maximo Asset Management)", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10959173" }, { "name": "ibm-maximo-cve20194430-info-disc (162887)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162887" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4430", "datePublished": "2019-07-17T14:05:21.048749Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T03:02:02.249Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-38924 (GCVE-0-2021-38924)
Vulnerability from cvelistv5
Published
2022-09-14 16:20
Modified
2024-09-16 18:08
CWE
- Obtain Information
Summary
IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 210163.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | Version: 7.6.1.1; Version: 7.6.1.2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:51:20.758Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6620059" }, { "name": "ibm-maximo-cve202138924-info-disc (210163)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210163" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.1.1" }, { "status": "affected", "version": "7.6.1.2" } ] } ], "datePublic": "2022-09-13T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 210163." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/C:L/UI:N/AV:N/I:N/AC:L/S:U/PR:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-14T16:20:11", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6620059" }, { "name": "ibm-maximo-cve202138924-info-disc (210163)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210163" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-09-13T00:00:00", "ID": "CVE-2021-38924", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6.1.1" }, { "version_value": "7.6.1.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 210163." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6620059", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6620059 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/6620059" }, { "name": "ibm-maximo-cve202138924-info-disc (210163)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210163" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38924", "datePublished": "2022-09-14T16:20:11.857671Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-16T18:08:57.450Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-2028 (GCVE-0-2018-2028)
Vulnerability from cvelistv5
Published
2019-06-06 00:35
Modified
2024-09-17 02:32
CWE
- Obtain Information
Summary
IBM Maximo Asset Management 7.6 could allow an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | Version: 7.6
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:14:39.540Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880145" }, { "name": "ibm-maximo-cve20182028-info-disc (155554)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155554" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6" } ] } ], "datePublic": "2019-06-03T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/UI:N/S:U/C:H/AC:L/PR:L/I:N/AV:N/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-06T00:35:18", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880145" }, { "name": "ibm-maximo-cve20182028-info-disc (155554)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/155554" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-06-03T00:00:00", "ID": "CVE-2018-2028", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "H", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880145", "refsource": "CONFIRM", "title": "IBM Security Bulletin 880145 (Maximo Asset Management)", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880145" }, { "name": "ibm-maximo-cve20182028-info-disc (155554)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155554" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-2028", "datePublished": "2019-06-06T00:35:18.707579Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-17T02:32:33.413Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-0108 (GCVE-0-2015-0108)
Vulnerability from cvelistv5
Published
2015-02-18 02:00
Modified
2024-08-06 03:55
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0109.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:55:28.014Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-tsam-cve20150108-xss(99605)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99605" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-01-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0109." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-07T15:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-tsam-cve20150108-xss(99605)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99605" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-0108", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0109." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-tsam-cve20150108-xss(99605)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99605" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-0108", "datePublished": "2015-02-18T02:00:00", "dateReserved": "2014-11-18T00:00:00", "dateUpdated": "2024-08-06T03:55:28.014Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-4765 (GCVE-0-2014-4765)
Vulnerability from cvelistv5
Published
2014-10-02 00:00
Modified
2024-08-06 11:27
CWE
- n/a
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:27:36.138Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685289" }, { "name": "ibm-maximo-cve20144765-error-message(94757)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94757" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-10-01T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685289" }, { "name": "ibm-maximo-cve20144765-error-message(94757)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94757" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-4765", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685289", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685289" }, { "name": "ibm-maximo-cve20144765-error-message(94757)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94757" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-4765", "datePublished": "2014-10-02T00:00:00", "dateReserved": "2014-07-09T00:00:00", "dateUpdated": "2024-08-06T11:27:36.138Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-27860 (GCVE-0-2023-27860)
Vulnerability from cvelistv5
Published
2023-04-27 18:59
Modified
2025-01-30 20:48
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Summary
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. This information could be used in further attacks against the system. IBM X-Force ID: 249207.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.6.1.2, 7.6.1.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:23:30.411Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6985679" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249207" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-27860", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-30T20:48:47.089441Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-30T20:48:54.976Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.1.2, 7.6.1.3" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. This information could be used in further attacks against the system. IBM X-Force ID: 249207." } ], "value": "IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. This information could be used in further attacks against the system. IBM X-Force ID: 249207." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-27T18:59:24.744Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6985679" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249207" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Maximo Asset Management information disclosure", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-27860", "datePublished": "2023-04-27T18:59:24.744Z", "dateReserved": "2023-03-06T20:01:41.707Z", "dateUpdated": "2025-01-30T20:48:54.976Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-4582 (GCVE-0-2019-4582)
Vulnerability from cvelistv5
Published
2020-08-13 11:50
Modified
2024-09-16 17:43
CWE
- Obtain Information
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 167288.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.6.0, 7.6.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:47.617Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6258321" }, { "name": "ibm-maximo-cve20194582-dir-traversal (167288)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167288" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.0" }, { "status": "affected", "version": "7.6.1" } ] } ], "datePublic": "2020-08-12T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 167288." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/A:N/S:U/UI:N/AC:L/C:L/PR:L/I:N/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-13T11:50:13", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6258321" }, { "name": "ibm-maximo-cve20194582-dir-traversal (167288)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167288" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-08-12T00:00:00", "ID": "CVE-2019-4582", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6.0" }, { "version_value": "7.6.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 167288." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6258321", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6258321 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/6258321" }, { "name": "ibm-maximo-cve20194582-dir-traversal (167288)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167288" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4582", "datePublished": "2020-08-13T11:50:13.464556Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T17:43:13.114Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-6072 (GCVE-0-2016-6072)
Vulnerability from cvelistv5
Published
2017-02-01 20:00
Modified
2024-08-06 01:22
CWE
- Cross-Site Scripting
Summary
IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM Corporation | Maximo Asset Management | 6.2, 7.1, 7.5, 7.5.0.0, 7.5.0.10, 7.1.0.0, 6.2.0.0, 7.2, 7.1.1, 7.1.2, 7.2.1, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 7.1.1.1, 7.1.1.10, 7.1.1.11, 7.1.1.12, 7.1.1.2, 7.1.1.5, 7.1.1.6, 7.1.1.7, 7.1.1.8, 7.1.1.9, 7.5.0.1, 7.5.0.2, 7.5.0.3, 7.5.0.4, 7.5.0.5, 7.6, 7.5.0, 7.6.0
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:22:18.986Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94355", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94355" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21991893" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM Corporation", "versions": [ { "status": "affected", "version": "6.2" }, { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.5" }, { "status": "affected", "version": "7.5.0.0" }, { "status": "affected", "version": "7.5.0.10" }, { "status": "affected", "version": "7.1.0.0" }, { "status": "affected", "version": "6.2.0.0" }, { "status": "affected", "version": "7.2" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "7.2.1" }, { "status": "affected", "version": "6.2.1" }, { "status": "affected", "version": "6.2.2" }, { "status": "affected", "version": "6.2.3" }, { "status": "affected", "version": "6.2.4" }, { "status": "affected", "version": "6.2.5" }, { "status": "affected", "version": "6.2.6" }, { "status": "affected", "version": "6.2.7" }, { "status": "affected", "version": "6.2.8" }, { "status": "affected", "version": "7.1.1.1" }, { "status": "affected", "version": "7.1.1.10" }, { "status": "affected", "version": "7.1.1.11" }, { "status": "affected", "version": "7.1.1.12" }, { "status": "affected", "version": "7.1.1.2" }, { "status": "affected", "version": "7.1.1.5" }, { "status": "affected", "version": "7.1.1.6" }, { "status": "affected", "version": "7.1.1.7" }, { "status": "affected", "version": "7.1.1.8" }, { "status": "affected", "version": "7.1.1.9" }, { "status": "affected", "version": "7.5.0.1" }, { "status": 
"affected", "version": "7.5.0.2" }, { "status": "affected", "version": "7.5.0.3" }, { "status": "affected", "version": "7.5.0.4" }, { "status": "affected", "version": "7.5.0.5" }, { "status": "affected", "version": "7.6" }, { "status": "affected", "version": "7.5.0" }, { "status": "affected", "version": "7.6.0" } ] } ], "datePublic": "2017-02-01T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-02-02T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "94355", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94355" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21991893" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-6072", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "6.2" }, { "version_value": "7.1" }, { "version_value": "7.5" }, { "version_value": "7.5.0.0" }, { "version_value": "7.5.0.10" }, { "version_value": "7.1.0.0" }, { "version_value": "6.2.0.0" }, { "version_value": "7.2" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "7.2.1" }, { "version_value": "6.2.1" }, { "version_value": "6.2.2" }, { "version_value": "6.2.3" }, { "version_value": "6.2.4" }, { "version_value": "6.2.5" }, { "version_value": "6.2.6" }, { "version_value": "6.2.7" }, { "version_value": "6.2.8" }, { 
"version_value": "7.1.1.1" }, { "version_value": "7.1.1.10" }, { "version_value": "7.1.1.11" }, { "version_value": "7.1.1.12" }, { "version_value": "7.1.1.2" }, { "version_value": "7.1.1.5" }, { "version_value": "7.1.1.6" }, { "version_value": "7.1.1.7" }, { "version_value": "7.1.1.8" }, { "version_value": "7.1.1.9" }, { "version_value": "7.5.0.1" }, { "version_value": "7.5.0.2" }, { "version_value": "7.5.0.3" }, { "version_value": "7.5.0.4" }, { "version_value": "7.5.0.5" }, { "version_value": "7.6" }, { "version_value": "7.5.0" }, { "version_value": "7.6.0" } ] } } ] }, "vendor_name": "IBM Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "94355", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94355" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21991893", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21991893" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-6072", "datePublished": "2017-02-01T20:00:00", "dateReserved": "2016-06-29T00:00:00", "dateUpdated": "2024-08-06T01:22:18.986Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-0849 (GCVE-0-2014-0849)
Vulnerability from cvelistv5
Published
2014-05-26 16:00
Modified
2024-08-06 09:27
CWE
- n/a
Summary
IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging membership in two security groups.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:27:20.255Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "IV53952", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53952" }, { "name": "ibm-maximo-cve20140849-sec-bypass(90738)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90738" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging membership in two security groups." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "IV53952", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53952" }, { "name": "ibm-maximo-cve20140849-sec-bypass(90738)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90738" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-0849", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging membership in two security groups." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "IV53952", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53952" }, { "name": "ibm-maximo-cve20140849-sec-bypass(90738)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90738" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-0849", "datePublished": "2014-05-26T16:00:00", "dateReserved": "2014-01-06T00:00:00", "dateUpdated": "2024-08-06T09:27:20.255Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-5380 (GCVE-0-2013-5380)
Vulnerability from cvelistv5
Published
2013-10-01 10:00
Modified
2024-08-06 17:06
CWE
- n/a
Summary
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows local users to obtain sensitive information via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:06:52.350Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV33364", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV33364" }, { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55070" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55068" }, { "name": "maximo-cve20135380-infodisc(86931)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86931" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows local users to obtain sensitive information via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IV33364", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV33364" }, { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55070" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55068" }, { "name": "maximo-cve20135380-infodisc(86931)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86931" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-5380", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows local users to obtain sensitive information via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV33364", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV33364" }, { "name": "55070", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55070" }, { "name": "55068", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55068" }, { "name": "maximo-cve20135380-infodisc(86931)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86931" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-5380", "datePublished": "2013-10-01T10:00:00", "dateReserved": "2013-08-22T00:00:00", "dateUpdated": "2024-08-06T17:06:52.350Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-3084 (GCVE-0-2014-3084)
Vulnerability from cvelistv5
Published
2014-08-29 10:00
Modified
2024-08-06 10:35
CWE
- n/a
Summary
IBM Maximo Asset Management 6.1 through 6.5, 7.1 through 7.1.1.13, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2.8, 7.1, and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended write-access restrictions on calendar entries via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:35:55.645Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV61274", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61274" }, { "name": "1030780", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030780" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681020" }, { "name": "60453", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60453" }, { "name": "ibm-maximo-cve20143084-sec-bypass(93955)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93955" }, { "name": "60408", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60408" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-08-27T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.1 through 6.5, 7.1 through 7.1.1.13, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2.8, 7.1, and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended write-access restrictions on calendar entries via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IV61274", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61274" }, { "name": "1030780", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030780" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681020" }, { "name": "60453", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60453" }, { "name": "ibm-maximo-cve20143084-sec-bypass(93955)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93955" }, { "name": "60408", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60408" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-3084", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 6.1 through 6.5, 7.1 through 7.1.1.13, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2.8, 7.1, and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended write-access restrictions on calendar entries via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV61274", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61274" }, { "name": "1030780", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030780" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681020", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681020" }, { "name": "60453", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60453" }, { "name": "ibm-maximo-cve20143084-sec-bypass(93955)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93955" }, { "name": "60408", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60408" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-3084", "datePublished": "2014-08-29T10:00:00", "dateReserved": "2014-04-29T00:00:00", "dateUpdated": "2024-08-06T10:35:55.645Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-3026 (GCVE-0-2014-3026)
Vulnerability from cvelistv5
Published
2014-07-29 20:00
Modified
2024-08-06 10:28
CWE
- n/a
Summary
CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:28:46.379Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-maximo-cve20143026-header-injection(93065)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93065" }, { "name": "59570", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59570" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678798" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-07-24T00:00:00", "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-maximo-cve20143026-header-injection(93065)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93065" }, { "name": "59570", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59570" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678798" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-3026", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-maximo-cve20143026-header-injection(93065)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93065" }, { "name": "59570", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59570" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678798", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678798" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-3026", "datePublished": "2014-07-29T20:00:00", "dateReserved": "2014-04-29T00:00:00", "dateUpdated": "2024-08-06T10:28:46.379Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2185 (GCVE-0-2012-2185)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 19:26
CWE
- n/a
Summary
IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to obtain sensitive information via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:08.943Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-info-disclosure(75784)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75784" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "85183", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/85183" }, { "name": "IV17942", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17942" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-04T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to obtain sensitive information via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-info-disclosure(75784)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75784" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "85183", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/85183" }, { "name": "IV17942", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17942" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-2185", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to obtain sensitive information via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "50551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-info-disclosure(75784)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75784" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "85183", "refsource": "OSVDB", "url": "http://osvdb.org/85183" }, { "name": "IV17942", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17942" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-2185", "datePublished": "2012-09-10T17:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:08.943Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-4512 (GCVE-0-2019-4512)
Vulnerability from cvelistv5
Published
2019-10-09 15:00
Modified
2024-09-17 02:36
CWE
- Obtain Information
Summary
IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Maximo Asset Management |
Version: 7.6.1.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:47.303Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/1075413" }, { "name": "ibm-maximo-cve20194512-info-disc (164554)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.1.1" } ] } ], "datePublic": "2019-10-08T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/I:N/C:L/S:U/UI:N/A:N/PR:L/AC:L/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-09T15:00:23", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/1075413" }, { "name": "ibm-maximo-cve20194512-info-disc (164554)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/164554" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-10-08T00:00:00", "ID": "CVE-2019-4512", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6.1.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/1075413", "refsource": "CONFIRM", "title": "IBM Security Bulletin 1075413 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/1075413" }, { "name": "ibm-maximo-cve20194512-info-disc (164554)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4512", "datePublished": "2019-10-09T15:00:23.883418Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T02:36:34.215Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-4364 (GCVE-0-2019-4364)
Vulnerability from cvelistv5
Published
2019-06-19 13:30
Modified
2024-09-16 18:39
CWE
- Gain Privileges
Summary
IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 161680.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Maximo Asset Management |
Version: 7.6 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:33:37.971Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557" }, { "name": "ibm-maximo-cve20194364-code-exec (161680)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680" }, { "name": "108910", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108910" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6" } ] } ], "datePublic": "2019-06-17T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.8, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/S:U/C:L/I:L/UI:R/A:L/AC:L/AV:N/PR:L/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-27T12:06:04", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557" }, { "name": "ibm-maximo-cve20194364-code-exec (161680)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680" }, { "name": "108910", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108910" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-06-17T00:00:00", "ID": "CVE-2019-4364", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "U", "UI": "R" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10887557", "refsource": "CONFIRM", "title": "IBM Security Bulletin 887557 (Maximo Asset Management)", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557" }, { "name": "ibm-maximo-cve20194364-code-exec (161680)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680" }, { "name": "108910", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108910" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4364", "datePublished": "2019-06-19T13:30:19.753226Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T18:39:05.036Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-1291 (GCVE-0-2017-1291)
Vulnerability from cvelistv5
Published
2017-05-26 16:00
Modified
2024-08-05 13:32
CWE
- Gain Access
Summary
IBM Maximo Asset Management 7.5 and 7.6 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially crafted URL to cause the server to return a split response once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning and cross-site scripting, and possibly to obtain sensitive information. IBM X-Force ID: 125152.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Maximo Asset Management |
Version: 7.5 Version: 7.6 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:32:28.511Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22003413" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125152" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.5" }, { "status": "affected", "version": "7.6" } ] } ], "datePublic": "2017-05-23T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-26T15:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22003413" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125152" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2017-1291", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.5" }, { "version_value": "7.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22003413", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22003413" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125152", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125152" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1291", "datePublished": "2017-05-26T16:00:00", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-08-05T13:32:28.511Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-4671 (GCVE-0-2019-4671)
Vulnerability from cvelistv5
Published
2020-09-15 13:50
Modified
2024-09-17 02:10
CWE
- Data Manipulation
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 are vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171437.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Maximo Asset Management |
Version: 7.6.0 Version: 7.6.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:48.941Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6332583" }, { "name": "ibm-maximo-cve20194671-sql-injection (171437)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171437" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.0" }, { "status": "affected", "version": "7.6.1" } ] } ], "datePublic": "2020-09-14T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171437." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/A:L/AV:N/I:L/S:U/UI:N/C:L/PR:L/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Data Manipulation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-15T13:50:23", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6332583" }, { "name": "ibm-maximo-cve20194671-sql-injection (171437)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171437" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-09-14T00:00:00", "ID": "CVE-2019-4671", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6.0" }, { "version_value": "7.6.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171437." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Data Manipulation" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6332583", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6332583 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/6332583" }, { "name": "ibm-maximo-cve20194671-sql-injection (171437)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171437" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4671", "datePublished": "2020-09-15T13:50:23.236861Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T02:10:46.368Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1697 (GCVE-0-2018-1697)
Vulnerability from cvelistv5
Published
2018-12-05 17:00
Modified
2024-09-16 20:52
CWE
- Obtain Information
Summary
IBM Maximo Asset Management 7.6 could allow an authenticated user to enumerate usernames using a specially crafted HTTP request. IBM X-Force ID: 145966.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Maximo Asset Management |
Version: 7.6 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:07:44.364Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10737457" }, { "name": "ibm-maximo-cve20181697-info-disc(145966)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145966" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6" } ] } ], "datePublic": "2018-12-03T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 could allow an authenticated user to enumerate usernames using a specially crafted HTTP request. IBM X-Force ID: 145966." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-05T16:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10737457" }, { "name": "ibm-maximo-cve20181697-info-disc(145966)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145966" } ], 
"x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-12-03T00:00:00", "ID": "CVE-2018-1697", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6 could allow an authenticated user to enumerate usernames using a specially crafted HTTP request. IBM X-Force ID: 145966." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10737457", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10737457" }, { "name": "ibm-maximo-cve20181697-info-disc(145966)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145966" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1697", "datePublished": "2018-12-05T17:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T20:52:59.912Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-40616 (GCVE-0-2022-40616)
Vulnerability from cvelistv5
Published
2022-09-21 16:20
Modified
2025-05-28 14:05
CWE
- Bypass Security
Summary
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. IBM X-Force ID: 236311.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Maximo Asset Management |
Version: 7.6.1.1 Version: 7.6.1.2 Version: 7.6.1.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:21:46.260Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6621599" }, { "name": "ibm-maximo-cve202240616-auth-bypass (236311)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/236311" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-40616", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-28T14:04:57.310018Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-28T14:05:05.418Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.1.1" }, { "status": "affected", "version": "7.6.1.2" }, { "status": "affected", "version": "7.6.1.3" } ] } ], "datePublic": "2022-09-20T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. IBM X-Force ID: 236311." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/AV:N/PR:N/UI:N/A:N/S:U/I:L/C:L/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Bypass Security", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-21T16:20:09.000Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6621599" }, { "name": "ibm-maximo-cve202240616-auth-bypass (236311)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/236311" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-09-20T00:00:00", "ID": "CVE-2022-40616", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6.1.1" }, { "version_value": "7.6.1.2" }, { "version_value": "7.6.1.3" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. IBM X-Force ID: 236311." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Bypass Security" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6621599", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6621599 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/6621599" }, { "name": "ibm-maximo-cve202240616-auth-bypass (236311)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/236311" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-40616", "datePublished": "2022-09-21T16:20:10.043Z", "dateReserved": "2022-09-12T00:00:00.000Z", "dateUpdated": "2025-05-28T14:05:05.418Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-4745 (GCVE-0-2019-4745)
Vulnerability from cvelistv5
Published
2020-02-24 15:35
Modified
2024-09-17 02:37
CWE
- Obtain Information
Summary
IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. IBM X-Force ID: 172883.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.6.1.0
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:48.963Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/3245409" }, { "name": "ibm-maximo-cve20194745-info-disc (172883)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172883" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.1.0" } ] } ], "datePublic": "2020-02-21T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. IBM X-Force ID: 172883." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/S:U/UI:N/C:L/AV:N/I:N/AC:L/PR:L/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-24T15:35:30", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/3245409" }, { "name": "ibm-maximo-cve20194745-info-disc (172883)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/172883" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-02-21T00:00:00", "ID": "CVE-2019-4745", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6.1.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. IBM X-Force ID: 172883." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/3245409", "refsource": "CONFIRM", "title": "IBM Security Bulletin 3245409 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/3245409" }, { "name": "ibm-maximo-cve20194745-info-disc (172883)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172883" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4745", "datePublished": "2020-02-24T15:35:30.529693Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T02:37:26.364Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-32335 (GCVE-0-2023-32335)
Vulnerability from cvelistv5
Published
2024-03-13 09:23
Modified
2024-08-05 15:52
CWE
- CWE-598 - Information Exposure Through Query Strings in GET Request
Summary
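IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 store sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255075. (The X-Force reference URL in this record points to entry 266875 rather than 255075; confirm against the two IBM bulletins when cross-referencing.)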
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Application Suite | 8.10, 8.11
IBM | Maximo Asset Management | 7.6.1.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:10:24.953Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7138684" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266875" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7138686" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-32335", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-05T15:52:09.104397Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-05T15:52:20.030Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Maximo Application Suite", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.10, 8.11" } ] }, { "defaultStatus": "unaffected", "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.1.3" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255075." } ], "value": "IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. 
This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255075." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-598", "description": "CWE-598 Information Exposure Through Query Strings in GET Request", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-13T09:23:23.225Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7138684" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266875" }, { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7138686" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Maximo Application Suite information disclosure", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-32335", "datePublished": "2024-03-13T09:23:23.225Z", "dateReserved": "2023-05-08T18:32:34.088Z", "dateUpdated": "2024-08-05T15:52:20.030Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1395 (GCVE-0-2011-1395)
Vulnerability from cvelistv5
Published
2012-03-13 01:00
Modified
2024-08-06 22:28
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the controlid parameter.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:28:40.285Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "maximo-imicon-xss(71996)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71996" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48299" }, { "name": "52333", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52333" }, { "name": "IV09189", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09189" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-02-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the controlid parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-09T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "maximo-imicon-xss(71996)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71996" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48299" }, { "name": "52333", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52333" }, { "name": "IV09189", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09189" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1395", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the controlid parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "maximo-imicon-xss(71996)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71996" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48299" }, { "name": "52333", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52333" }, { "name": "IV09189", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09189" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1395", "datePublished": "2012-03-13T01:00:00", "dateReserved": "2011-03-10T00:00:00", "dateUpdated": "2024-08-06T22:28:40.285Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-5464 (GCVE-0-2013-5464)
Vulnerability from cvelistv5
Published
2014-05-26 16:00
Modified
2024-08-06 17:15
CWE
- n/a
Summary
IBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and modify physical counts associated with restricted storerooms, via unspecified vectors.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:15:20.331Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV46277", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46277" }, { "name": "ibm-maximo-cve20135464-storerooms(88362)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88362" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and modify physical counts associated with restricted storerooms, via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IV46277", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46277" }, { "name": "ibm-maximo-cve20135464-storerooms(88362)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88362" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-5464", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and modify physical counts associated with restricted storerooms, via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV46277", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46277" }, { "name": "ibm-maximo-cve20135464-storerooms(88362)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88362" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-5464", "datePublished": "2014-05-26T16:00:00", "dateReserved": "2013-08-22T00:00:00", "dateUpdated": "2024-08-06T17:15:20.331Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-9977 (GCVE-0-2016-9977)
Vulnerability from cvelistv5
Published
2017-06-07 17:00
Modified
2024-08-06 03:07
CWE
- Gain Access
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 120253.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.1, 7.5, 7.1.1, 7.6
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:07:31.819Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253" }, { "name": "98786", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98786" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22003981" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.5" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.6" } ] } ], "datePublic": "2017-05-31T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user\u0027s session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user\u0027s session. IBM X-Force ID: 120253." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-08T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253" }, { "name": "98786", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98786" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22003981" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-9977", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.5" }, { "version_value": "7.1.1" }, { "version_value": "7.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user\u0027s session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user\u0027s session. IBM X-Force ID: 120253." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253" }, { "name": "98786", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98786" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22003981", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22003981" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-9977", "datePublished": "2017-06-07T17:00:00", "dateReserved": "2016-12-16T00:00:00", "dateUpdated": "2024-08-06T03:07:31.819Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-41734 (GCVE-0-2022-41734)
Vulnerability from cvelistv5
Published
2023-02-17 17:38
Modified
2025-03-12 20:01
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 237587.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.6.1.2, 7.6.1.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:49:43.739Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6857605" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/237587" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-41734", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-12T20:01:28.941972Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-12T20:01:37.858Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.1.2 , 7.6.1.3" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 237587." } ], "value": "IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 237587." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-17T17:38:24.048Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6857605" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/237587" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Maximo Asset Management information disclosure", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-41734", "datePublished": "2023-02-17T17:38:24.048Z", "dateReserved": "2022-09-28T17:18:53.376Z", "dateUpdated": "2025-03-12T20:01:37.858Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-1499 (GCVE-0-2017-1499)
Vulnerability from cvelistv5
Published
2018-02-14 15:00
Modified
2024-09-17 00:16
CWE
- Gain Access
Summary
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.5, 7.6
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:32:29.666Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129106" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012781" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.5" }, { "status": "affected", "version": "7.6" } ] } ], "datePublic": "2018-01-25T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106." } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-14T14:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129106" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012781" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-01-25T00:00:00", "ID": "CVE-2017-1499", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.5" }, { "version_value": "7.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.5 and 7.6 could 
allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129106", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129106" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22012781", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22012781" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1499", "datePublished": "2018-02-14T15:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-17T00:16:20.442Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-4027 (GCVE-0-2013-4027)
Vulnerability from cvelistv5
Published
2013-10-01 10:00
Modified
2024-08-06 16:30
CWE
- n/a
Summary
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:30:49.431Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55070" }, { "name": "maximo-cve20134027-sec-bypass(86064)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86064" }, { "name": "IV43491", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV43491" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55070" }, { "name": "maximo-cve20134027-sec-bypass(86064)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86064" }, { "name": "IV43491", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV43491" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-4027", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "55070", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55070" }, { "name": "maximo-cve20134027-sec-bypass(86064)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86064" }, { "name": "IV43491", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV43491" }, { "name": "55068", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55068" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-4027", "datePublished": "2013-10-01T10:00:00", "dateReserved": "2013-06-07T00:00:00", "dateUpdated": "2024-08-06T16:30:49.431Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0728 (GCVE-0-2012-0728)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 18:38
CWE
- n/a
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:38:13.881Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-maximo-sql-injection-iv17964(74307)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74307" }, { "name": "IV17964", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17964" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50551" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-04T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-maximo-sql-injection-iv17964(74307)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74307" }, { "name": "IV17964", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17964" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50551" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-0728", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-maximo-sql-injection-iv17964(74307)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74307" }, { "name": "IV17964", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17964" }, { "name": "50551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50551" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-0728", "datePublished": "2012-09-10T17:00:00", "dateReserved": "2012-01-17T00:00:00", "dateUpdated": "2024-08-06T18:38:13.881Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-3313 (GCVE-0-2012-3313)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 19:57
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:57:50.514Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV15530", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV15530" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-xss-iv15530(77787)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77787" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IV15530", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV15530" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-xss-iv15530(77787)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77787" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-3313", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV15530", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV15530" }, { "name": "50551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-xss-iv15530(77787)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77787" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-3313", "datePublished": "2012-09-10T17:00:00", "dateReserved": "2012-06-07T00:00:00", "dateUpdated": "2024-08-06T19:57:50.514Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-0109 (GCVE-0-2015-0109)
Vulnerability from cvelistv5
Published
2015-02-18 02:00
Modified
2024-08-06 03:55
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0108.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:55:28.030Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-tsam-cve20150109-xss(99606)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99606" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-01-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0108." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-07T15:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-tsam-cve20150109-xss(99606)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99606" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-0109", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0108." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-tsam-cve20150109-xss(99606)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99606" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-0109", "datePublished": "2015-02-18T02:00:00", "dateReserved": "2014-11-18T00:00:00", "dateUpdated": "2024-08-06T03:55:28.030Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-9976 (GCVE-0-2016-9976)
Vulnerability from cvelistv5
Published
2017-05-03 17:00
Modified
2024-08-06 03:07
CWE
- Gain Access
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM Corporation | Maximo Asset Management |
Version: 7.1, 7.5, 7.6 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:07:31.851Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22002018" }, { "name": "98305", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98305" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM Corporation", "versions": [ { "status": "affected", "version": "7.1, 7.5, 7.6" } ] } ], "datePublic": "2017-04-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252." } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-05T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22002018" }, { "name": "98305", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98305" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-9976", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.1, 7.5, 7.6" } ] } } ] }, "vendor_name": "IBM Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.1, 
7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22002018", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22002018" }, { "name": "98305", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98305" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-9976", "datePublished": "2017-05-03T17:00:00", "dateReserved": "2016-12-16T00:00:00", "dateUpdated": "2024-08-06T03:07:31.851Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1397 (GCVE-0-2011-1397)
Vulnerability from cvelistv5
Published
2012-03-13 01:00
Modified
2024-08-06 22:28
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:28:40.297Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "maximo-laborreporting-csrf(72000)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72000" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48299" }, { "name": "48305", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48305" }, { "name": "52333", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52333" }, { "name": "IV09193", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09193" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-02-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-09T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "maximo-laborreporting-csrf(72000)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72000" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48299" }, { "name": "48305", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48305" }, { "name": "52333", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52333" }, { "name": "IV09193", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09193" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1397", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "maximo-laborreporting-csrf(72000)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72000" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48299" }, { "name": "48305", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48305" }, { "name": "52333", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52333" }, { "name": "IV09193", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09193" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1397", "datePublished": "2012-03-13T01:00:00", "dateReserved": "2011-03-10T00:00:00", "dateUpdated": "2024-08-06T22:28:40.297Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-5902 (GCVE-0-2016-5902)
Vulnerability from cvelistv5
Published
2017-02-08 22:00
Modified
2024-08-06 01:15
CWE
- Cross-Site Scripting
Summary
IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM Corporation | IBM Maximo Asset Management 6.2, 7.1, 7.5, 7.5.0.0, 7.5.0.10, 7.1.0.0, 6.2.0.0, 7.2, 7.1.1, 7.1.2, 7.2.1, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 7.1.1.1, 7.1.1.10, 7.1.1.11, 7.1.1.12, 7.1.1.2, 7.1.1.5, 7.1.1.6, 7.1.1.7, 7.1.1.8, 7.1.1.9, 7.5.0.1, 7.5.0.2, 7.5.0.3, 7.5.0.4, 7.5.0.5, 7.6, 7.5.0, 7.6.0 |
Version: IBM Maximo Asset Management 6.2, 7.1, 7.5, 7.5.0.0, 7.5.0.10, 7.1.0.0, 6.2.0.0, 7.2, 7.1.1, 7.1.2, 7.2.1, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 7.1.1.1, 7.1.1.10, 7.1.1.11, 7.1.1.12, 7..10 Version: 7.1.0.0 Version: 6.2.0.0 Version: 7.2 Version: 7.1.1 Version: 7.1.2 Version: 7.2.1 Version: 6.2.1 Version: 6.2.2 Version: 6.2.3 Version: 6.2.4 Version: 6.2.5 Version: 6.2.6 Version: 6.2.7 Version: 6.2.8 Version: 7.1.1.1 Version: 7.1.1.10 Version: 7.1.1.11 Version: 7.1.1.12 Version: 7.1.1.2 Version: 7.1.1.5 Version: 7.1.1.6 Version: 7.1.1.7 Version: 7.1.1.8 Version: 7.1.1.9 Version: 7.5.0.1 Version: 7.5.0.2 Version: 7.5.0.3 Version: 7.5.0.4 Version: 7.5.0.5 Version: 7.6 Version: 7.5.0 Version: 7.6.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:15:10.043Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21988252" }, { "name": "92535", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92535" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "IBM Maximo Asset Management 6.2, 7.1, 7.5, 7.5.0.0, 7.5.0.10, 7.1.0.0, 6.2.0.0, 7.2, 7.1.1, 7.1.2, 7.2.1, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 7.1.1.1, 7.1.1.10, 7.1.1.11, 7.1.1.12, 7.1.1.2, 7.1.1.5, 7.1.1.6, 7.1.1.7, 7.1.1.8, 7.1.1.9, 7.5.0.1, 7.5.0.2, 7.5.0.3, 7.5.0.4, 7.5.0.5, 7.6, 7.5.0, 7.6.0", "vendor": "IBM Corporation", "versions": [ { "status": "affected", "version": "IBM Maximo Asset Management 6.2, 7.1, 7.5, 7.5.0.0, 7.5.0.10, 7.1.0.0, 6.2.0.0, 7.2, 7.1.1, 7.1.2, 7.2.1, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 7.1.1.1, 7.1.1.10, 7.1.1.11, 7.1.1.12, 7..10" }, { "status": "affected", "version": "7.1.0.0" }, { "status": "affected", "version": "6.2.0.0" }, { "status": "affected", "version": "7.2" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "7.2.1" }, { "status": "affected", "version": "6.2.1" }, { "status": "affected", "version": "6.2.2" }, { "status": "affected", "version": "6.2.3" }, { "status": "affected", "version": "6.2.4" }, { "status": "affected", "version": "6.2.5" }, { "status": "affected", "version": "6.2.6" }, { "status": "affected", "version": "6.2.7" }, { "status": "affected", "version": "6.2.8" }, { "status": "affected", "version": "7.1.1.1" }, { "status": "affected", "version": "7.1.1.10" }, { "status": "affected", "version": "7.1.1.11" }, { "status": "affected", "version": "7.1.1.12" }, { "status": "affected", "version": 
"7.1.1.2" }, { "status": "affected", "version": "7.1.1.5" }, { "status": "affected", "version": "7.1.1.6" }, { "status": "affected", "version": "7.1.1.7" }, { "status": "affected", "version": "7.1.1.8" }, { "status": "affected", "version": "7.1.1.9" }, { "status": "affected", "version": "7.5.0.1" }, { "status": "affected", "version": "7.5.0.2" }, { "status": "affected", "version": "7.5.0.3" }, { "status": "affected", "version": "7.5.0.4" }, { "status": "affected", "version": "7.5.0.5" }, { "status": "affected", "version": "7.6" }, { "status": "affected", "version": "7.5.0" }, { "status": "affected", "version": "7.6.0" } ] } ], "datePublic": "2016-08-17T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-02-09T10:57:02", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21988252" }, { "name": "92535", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92535" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-5902", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "IBM Maximo Asset Management 6.2, 7.1, 7.5, 7.5.0.0, 7.5.0.10, 7.1.0.0, 6.2.0.0, 7.2, 7.1.1, 7.1.2, 7.2.1, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 7.1.1.1, 7.1.1.10, 7.1.1.11, 7.1.1.12, 7.1.1.2, 7.1.1.5, 7.1.1.6, 7.1.1.7, 7.1.1.8, 7.1.1.9, 7.5.0.1, 7.5.0.2, 7.5.0.3, 7.5.0.4, 7.5.0.5, 7.6, 7.5.0, 7.6.0", 
"version": { "version_data": [ { "version_value": "IBM Maximo Asset Management 6.2, 7.1, 7.5, 7.5.0.0, 7.5.0.10, 7.1.0.0, 6.2.0.0, 7.2, 7.1.1, 7.1.2, 7.2.1, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 7.1.1.1, 7.1.1.10, 7.1.1.11, 7.1.1.12, 7..10" }, { "version_value": "7.1.0.0" }, { "version_value": "6.2.0.0" }, { "version_value": "7.2" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "7.2.1" }, { "version_value": "6.2.1" }, { "version_value": "6.2.2" }, { "version_value": "6.2.3" }, { "version_value": "6.2.4" }, { "version_value": "6.2.5" }, { "version_value": "6.2.6" }, { "version_value": "6.2.7" }, { "version_value": "6.2.8" }, { "version_value": "7.1.1.1" }, { "version_value": "7.1.1.10" }, { "version_value": "7.1.1.11" }, { "version_value": "7.1.1.12" }, { "version_value": "7.1.1.2" }, { "version_value": "7.1.1.5" }, { "version_value": "7.1.1.6" }, { "version_value": "7.1.1.7" }, { "version_value": "7.1.1.8" }, { "version_value": "7.1.1.9" }, { "version_value": "7.5.0.1" }, { "version_value": "7.5.0.2" }, { "version_value": "7.5.0.3" }, { "version_value": "7.5.0.4" }, { "version_value": "7.5.0.5" }, { "version_value": "7.6" }, { "version_value": "7.5.0" }, { "version_value": "7.6.0" } ] } } ] }, "vendor_name": "IBM Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg21988252", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21988252" }, { "name": "92535", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92535" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-5902", "datePublished": "2017-02-08T22:00:00", "dateReserved": "2016-06-29T00:00:00", "dateUpdated": "2024-08-06T01:15:10.043Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-0893 (GCVE-0-2014-0893)
Vulnerability from cvelistv5
Published
2014-05-26 16:00
Modified
2024-08-06 09:27
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in customreport.jsp in IBM Maximo Asset Management 7.5.x before 7.5.0.5 IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:27:20.285Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20140893-xss(91287)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91287" }, { "name": "IV55019", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV55019" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in customreport.jsp in IBM Maximo Asset Management 7.5.x before 7.5.0.5 IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified parameters." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20140893-xss(91287)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91287" }, { "name": "IV55019", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV55019" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-0893", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in customreport.jsp in IBM Maximo Asset Management 7.5.x before 7.5.0.5 IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20140893-xss(91287)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91287" }, { "name": "IV55019", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV55019" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-0893", "datePublished": "2014-05-26T16:00:00", "dateReserved": "2014-01-06T00:00:00", "dateUpdated": "2024-08-06T09:27:20.285Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-7451 (GCVE-0-2015-7451)
Vulnerability from cvelistv5
Published
2016-01-02 02:00
Modified
2024-08-06 07:51
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:51:27.617Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972423" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-01-02T04:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972423" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-7451", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML 
via a crafted URL." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21972423", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972423" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-7451", "datePublished": "2016-01-02T02:00:00", "dateReserved": "2015-09-29T00:00:00", "dateUpdated": "2024-08-06T07:51:27.617Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-4965 (GCVE-0-2015-4965)
Vulnerability from cvelistv5
Published
2015-10-05 10:00
Modified
2024-08-06 06:32
CWE
- n/a
Summary
maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to obtain sensitive information by reading a (1) backup or (2) debug application file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T06:32:31.854Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966194" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-09-18T00:00:00", "descriptions": [ { "lang": "en", "value": "maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to obtain sensitive information by reading a (1) backup or (2) debug application file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-10-05T02:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966194" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-4965", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to obtain sensitive information by reading a (1) backup or (2) debug application file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21966194", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966194" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-4965", "datePublished": "2015-10-05T10:00:00", "dateReserved": "2015-06-24T00:00:00", "dateUpdated": "2024-08-06T06:32:31.854Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-3322 (GCVE-0-2012-3322)
Vulnerability from cvelistv5
Published
2013-02-20 11:00
Modified
2024-08-06 20:05
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a display name.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:05:10.813Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV23838", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23838" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "mam-displayname-xss(77918)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77918" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a display name." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IV23838", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23838" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "mam-displayname-xss(77918)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77918" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-3322", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a display name." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV23838", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23838" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "mam-displayname-xss(77918)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77918" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-3322", "datePublished": "2013-02-20T11:00:00", "dateReserved": "2012-06-07T00:00:00", "dateUpdated": "2024-08-06T20:05:10.813Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-47718 (GCVE-0-2023-47718)
Vulnerability from cvelistv5
Published
2024-01-19 01:14
Modified
2025-06-17 21:19
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.6.1.3
IBM | Maximo Asset Management Manage Component | 8.10, 8.11
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:16:43.661Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7107738" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7107740" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271843" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-47718", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-01-19T15:40:31.450853Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-17T21:19:23.844Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.1.3" } ] }, { "defaultStatus": "unaffected", "product": "Maximo Asset Management Manage Component", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.10, 8.11" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843." 
} ], "value": "IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-19T01:14:42.543Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7107738" }, { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7107740" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271843" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Maximo Asset Management cross-site request forgery", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-47718", "datePublished": "2024-01-19T01:14:42.543Z", "dateReserved": "2023-11-09T11:31:13.141Z", "dateUpdated": "2025-06-17T21:19:23.844Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-27864 (GCVE-0-2023-27864)
Vulnerability from cvelistv5
Published
2023-04-28 17:01
Modified
2025-01-30 19:24
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Summary
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 249327.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.6.1.2, 7.6.1.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:23:29.939Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6983460" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249327" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-27864", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-30T19:24:43.289999Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-30T19:24:51.336Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.1.2, 7.6.1.3" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site. IBM X-Force ID: 249327." } ], "value": "IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site. IBM X-Force ID: 249327." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-28T17:01:04.242Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6983460" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249327" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Maximo Asset Management HTML injection", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-27864", "datePublished": "2023-04-28T17:01:04.242Z", "dateReserved": "2023-03-06T20:01:41.708Z", "dateUpdated": "2025-01-30T19:24:51.336Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-3326 (GCVE-0-2012-3326)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 20:05
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:05:10.852Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-xss-iv20344(77960)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77960" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "IV20344", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20344" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-xss-iv20344(77960)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77960" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "IV20344", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20344" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-3326", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "50551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-xss-iv20344(77960)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77960" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "IV20344", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20344" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-3326", "datePublished": "2012-09-10T17:00:00", "dateReserved": "2012-06-07T00:00:00", "dateUpdated": "2024-08-06T20:05:10.852Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-45652 (GCVE-0-2024-45652)
Vulnerability from cvelistv5
Published
2025-01-19 02:42
Modified
2025-01-21 20:28
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
References
Impacted products
Vendor | Product | Version | CPE
---|---|---|---
IBM | Maximo Asset Management | 7.6.1.3 | `cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*`
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-45652", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-21T20:28:41.931377Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:28:47.429Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.1.3" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system." } ], "value": "IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-19T02:42:18.748Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7174820" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Maximo Asset Management directory traversal", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-45652", "datePublished": "2025-01-19T02:42:18.748Z", "dateReserved": "2024-09-03T13:50:26.296Z", "dateUpdated": "2025-01-21T20:28:47.429Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-5987 (GCVE-0-2016-5987)
Vulnerability from cvelistv5
Published
2016-11-30 11:00
Modified
2024-08-06 01:15
CWE
- n/a
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers construction of a runtime error message.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:15:10.500Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "93511", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93511" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990449" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-10-08T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers construction of a runtime error message." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-30T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "93511", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93511" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990449" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-5987", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive 
information via a crafted HTTP request that triggers construction of a runtime error message." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "93511", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93511" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21990449", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990449" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-5987", "datePublished": "2016-11-30T11:00:00", "dateReserved": "2016-06-29T00:00:00", "dateUpdated": "2024-08-06T01:15:10.500Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-4017 (GCVE-0-2013-4017)
Vulnerability from cvelistv5
Published
2013-10-01 10:00
Modified
2024-08-06 16:30
CWE
- n/a
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:30:49.849Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "maximo-cve20134017-sql-injection(85794)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85794" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "IV42682", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV42682" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "maximo-cve20134017-sql-injection(85794)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85794" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "IV42682", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV42682" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-4017", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "maximo-cve20134017-sql-injection(85794)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85794" }, { "name": "55068", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55068" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "IV42682", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV42682" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-4017", "datePublished": "2013-10-01T10:00:00", "dateReserved": "2013-06-07T00:00:00", "dateUpdated": "2024-08-06T16:30:49.849Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-3024 (GCVE-0-2014-3024)
Vulnerability from cvelistv5
Published
2014-08-29 10:00
Modified
2024-08-06 10:28
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk allows remote authenticated users to hijack the authentication of arbitrary users.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:28:46.384Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-maximo-cve20143024-csrf(93063)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93063" }, { "name": "1030781", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030781" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679918" }, { "name": "IV56643", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56643" }, { "name": "60408", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60408" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-08-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk allows remote authenticated users to hijack the authentication of arbitrary users." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-maximo-cve20143024-csrf(93063)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93063" }, { "name": "1030781", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030781" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679918" }, { "name": "IV56643", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56643" }, { "name": "60408", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60408" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-3024", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk allows remote authenticated users to hijack the authentication of arbitrary users." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-maximo-cve20143024-csrf(93063)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93063" }, { "name": "1030781", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030781" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21679918", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679918" }, { "name": "IV56643", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56643" }, { "name": "60408", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60408" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-3024", "datePublished": "2014-08-29T10:00:00", "dateReserved": "2014-04-29T00:00:00", "dateUpdated": "2024-08-06T10:28:46.384Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-4749 (GCVE-0-2019-4749)
Vulnerability from cvelistv5
Published
2020-04-17 13:25
Modified
2024-09-17 03:22
CWE
- Cross-Site Scripting
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.6
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:49.060Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6193479" }, { "name": "ibm-maximo-cve20194749-xss (173308)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173308" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6" } ] } ], "datePublic": "2020-04-16T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/PR:L/UI:R/AV:N/A:N/AC:L/C:L/I:L/S:C/RC:C/RL:O/E:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-17T13:25:26", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6193479" }, { "name": "ibm-maximo-cve20194749-xss (173308)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173308" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-04-16T00:00:00", "ID": "CVE-2019-4749", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6193479", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6193479 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/6193479" }, { "name": "ibm-maximo-cve20194749-xss (173308)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173308" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4749", "datePublished": "2020-04-17T13:25:26.685011Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T03:22:52.642Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-3328 (GCVE-0-2012-3328)
Vulnerability from cvelistv5
Published
2013-02-20 11:00
Modified
2024-08-06 20:05
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1, Maximo Asset Management Essentials 7.1, Tivoli Asset Management for IT 7.1 and 7.2, Tivoli Service Request Manager 7.1 and 7.2, and Change and Configuration Management Database (CCMDB) 7.1 and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden frame footer.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:05:10.811Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "mam-hiddenframefooter-xss(78040)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78040" }, { "name": "IV20823", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20823" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1, Maximo Asset Management Essentials 7.1, Tivoli Asset Management for IT 7.1 and 7.2, Tivoli Service Request Manager 7.1 and 7.2, and Change and Configuration Management Database (CCMDB) 7.1 and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden frame footer." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "mam-hiddenframefooter-xss(78040)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78040" }, { "name": "IV20823", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20823" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-3328", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1, Maximo Asset Management Essentials 7.1, Tivoli Asset Management for IT 7.1 and 7.2, Tivoli Service Request Manager 7.1 and 7.2, and Change and Configuration Management Database (CCMDB) 7.1 and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden frame footer." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "mam-hiddenframefooter-xss(78040)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78040" }, { "name": "IV20823", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20823" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-3328", "datePublished": "2013-02-20T11:00:00", "dateReserved": "2012-06-07T00:00:00", "dateUpdated": "2024-08-06T20:05:10.811Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0727 (GCVE-0-2012-0727)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 18:38
CWE
- n/a
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:38:13.436Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV17963", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17963" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-sql-injection-iv17963(74306)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74306" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-04T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IV17963", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17963" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-sql-injection-iv17963(74306)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74306" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-0727", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV17963", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17963" }, { "name": "50551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-sql-injection-iv17963(74306)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74306" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-0727", "datePublished": "2012-09-10T17:00:00", "dateReserved": "2012-01-17T00:00:00", "dateUpdated": "2024-08-06T18:38:13.436Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-1208 (GCVE-0-2017-1208)
Vulnerability from cvelistv5
Published
2017-07-05 17:00
Modified
2024-09-16 23:20
CWE
- Cross-Site Scripting
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123778.
References
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.1, 7.5, 7.1.1, 7.6
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:25:17.485Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "99367", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99367" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123778" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22005243" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.5" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.6" } ] } ], "datePublic": "2017-06-30T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123778." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-06T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "99367", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99367" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123778" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22005243" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-06-30T00:00:00", "ID": "CVE-2017-1208", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.5" }, { "version_value": "7.1.1" }, { "version_value": "7.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123778." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "99367", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99367" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123778", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123778" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22005243", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22005243" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1208", "datePublished": "2017-07-05T17:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T23:20:20.550Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-4014 (GCVE-0-2013-4014)
Vulnerability from cvelistv5
Published
2013-10-01 10:00
Modified
2024-08-06 16:30
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:30:49.776Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55070" }, { "name": "IV39515", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV39515" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20134014-xss(85792)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85792" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55070" }, { "name": "IV39515", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV39515" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20134014-xss(85792)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85792" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-4014", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "55070", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55070" }, { "name": "IV39515", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV39515" }, { "name": "55068", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55068" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20134014-xss(85792)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85792" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-4014", "datePublished": "2013-10-01T10:00:00", "dateReserved": "2013-06-07T00:00:00", "dateUpdated": "2024-08-06T16:30:49.776Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-6102 (GCVE-0-2014-6102)
Vulnerability from cvelistv5
Published
2015-02-17 01:00
Modified
2024-08-06 12:03
CWE
- n/a
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation.
References
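URL | Tags
---|---
http://www-01.ibm.com/support/docview.wss?uid=swg21695597 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/96141 | vdb-entry, x_refsource_XF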
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:03:02.424Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597" }, { "name": "ibm-maximo-cve20146102-sec-bypass(96141)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96141" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-01-30T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-07T15:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597" }, { "name": "ibm-maximo-cve20146102-sec-bypass(96141)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96141" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-6102", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597" }, { "name": "ibm-maximo-cve20146102-sec-bypass(96141)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96141" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-6102", "datePublished": "2015-02-17T01:00:00", "dateReserved": "2014-09-02T00:00:00", "dateUpdated": "2024-08-06T12:03:02.424Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-1558 (GCVE-0-2017-1558)
Vulnerability from cvelistv5
Published
2017-12-13 18:00
Modified
2024-09-16 16:43
CWE
- Gain Access
Summary
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548.
References
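URL | Tags
---|---
http://www.securityfocus.com/bid/102211 | vdb-entry, x_refsource_BID
http://www.ibm.com/support/docview.wss?uid=swg22010595 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/131548 | x_refsource_MISC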
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.5, 7.6
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:39:30.652Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102211", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102211" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22010595" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131548" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.5" }, { "status": "affected", "version": "7.6" } ] } ], "datePublic": "2017-12-11T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-19T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "102211", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102211" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22010595" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131548" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-12-11T00:00:00", "ID": "CVE-2017-1558", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.5" }, { "version_value": "7.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "102211", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102211" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22010595", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22010595" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131548", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131548" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1558", "datePublished": "2017-12-13T18:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T16:43:14.217Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-32337 (GCVE-0-2023-32337)
Vulnerability from cvelistv5
Published
2024-01-19 01:17
Modified
2024-11-13 17:56
Severity
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288.
References
URL | Tags
---|---
https://www.ibm.com/support/pages/node/7107712 | vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/255288 | vdb-entry
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Spatial Asset Management | 8.10
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:10:24.948Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7107712" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/255288" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-32337", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T17:40:31.879853Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T17:56:03.972Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Maximo Spatial Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.10" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288." } ], "value": "IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-19T01:17:10.283Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7107712" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/255288" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Maximo Spatial Asset Management server-side request forgery", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-32337", "datePublished": "2024-01-19T01:17:10.283Z", "dateReserved": "2023-05-08T18:32:52.654Z", "dateUpdated": "2024-11-13T17:56:03.972Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0746 (GCVE-0-2012-0746)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 18:38
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
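URL | Tags
---|---
http://www-01.ibm.com/support/docview.wss?uid=swg1IV17961 | vendor-advisory, x_refsource_AIXAPAR
http://secunia.com/advisories/50551 | third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21610081 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/74726 | vdb-entry, x_refsource_XF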
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:38:14.219Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV17961", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17961" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50551" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "ibm-maximo-xss-iv17961(74726)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74726" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IV17961", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17961" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50551" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "ibm-maximo-xss-iv17961(74726)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74726" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-0746", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV17961", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17961" }, { "name": "50551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50551" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "ibm-maximo-xss-iv17961(74726)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74726" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-0746", "datePublished": "2012-09-10T17:00:00", "dateReserved": "2012-01-17T00:00:00", "dateUpdated": "2024-08-06T18:38:14.219Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-6355 (GCVE-0-2012-6355)
Vulnerability from cvelistv5
Published
2013-02-20 11:00
Modified
2024-08-06 21:28
CWE
- n/a
Summary
IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order.
References
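URL | Tags
---|---
http://www-01.ibm.com/support/docview.wss?uid=swg21625624 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/80747 | vdb-entry, x_refsource_XF
http://www-01.ibm.com/support/docview.wss?uid=swg1IV30384 | vendor-advisory, x_refsource_AIXAPAR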
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.432Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "mam-work-order-priv-esc(80747)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80747" }, { "name": "IV30384", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV30384" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "mam-work-order-priv-esc(80747)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80747" }, { "name": "IV30384", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV30384" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-6355", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "mam-work-order-priv-esc(80747)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80747" }, { "name": "IV30384", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV30384" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-6355", "datePublished": "2013-02-20T11:00:00", "dateReserved": "2012-12-16T00:00:00", "dateUpdated": "2024-08-06T21:28:39.432Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-6357 (GCVE-0-2012-6357)
Vulnerability from cvelistv5
Published
2013-02-20 11:00
Modified
2024-08-06 21:28
CWE
- n/a
Summary
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors.
References
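URL | Tags
---|---
http://www-01.ibm.com/support/docview.wss?uid=swg1IV23511 | vendor-advisory, x_refsource_AIXAPAR
https://exchange.xforce.ibmcloud.com/vulnerabilities/80749 | vdb-entry, x_refsource_XF
http://www-01.ibm.com/support/docview.wss?uid=swg21625624 | x_refsource_CONFIRM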
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.783Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV23511", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23511" }, { "name": "mam-asset-lookup-priv-esc(80749)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80749" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IV23511", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23511" }, { "name": "mam-asset-lookup-priv-esc(80749)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80749" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-6357", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV23511", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23511" }, { "name": "mam-asset-lookup-priv-esc(80749)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80749" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-6357", "datePublished": "2013-02-20T11:00:00", "dateReserved": "2012-12-16T00:00:00", "dateUpdated": "2024-08-06T21:28:39.783Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-4529 (GCVE-0-2020-4529)
Vulnerability from cvelistv5
Published
2020-06-08 12:55
Modified
2024-09-17 04:14
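Severity
7.3 (High) base, 6.4 (Medium) temporal - CVSS:3.0/UI:N/S:U/AC:L/C:L/PR:N/AV:N/A:L/I:L/RC:C/E:U/RL:O
Note: the vector records PR:N (no privileges required), while the summary describes an authenticated attacker; confirm the privilege requirement against the vendor bulletin when prioritising.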
CWE
- Gain Access
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713.
References
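URL | Tags
---|---
https://www.ibm.com/support/pages/node/6220528 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/182713 | vdb-entry, x_refsource_XF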
Impacted products
Vendor | Product | Version
---|---|---
IBM | Maximo Asset Management | 7.6.0, 7.6.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:07:48.910Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6220528" }, { "name": "ibm-maximo-cve20204529-ssrf (182713)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182713" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.0" }, { "status": "affected", "version": "7.6.1" } ] } ], "datePublic": "2020-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/S:U/AC:L/C:L/PR:N/AV:N/A:L/I:L/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-08T12:55:12", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6220528" }, { "name": "ibm-maximo-cve20204529-ssrf (182713)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182713" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-06-05T00:00:00", "ID": "CVE-2020-4529", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6.0" }, { "version_value": "7.6.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6220528", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6220528 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/6220528" }, { "name": "ibm-maximo-cve20204529-ssrf (182713)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182713" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4529", "datePublished": "2020-06-08T12:55:12.661833Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T04:14:33.871Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-7396 (GCVE-0-2015-7396)
Vulnerability from cvelistv5
Published
2016-01-02 21:00
Modified
2024-08-06 07:51
CWE
- n/a
Summary
The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors.
References
URL | Tags
---|---
http://www-01.ibm.com/support/docview.wss?uid=swg21970799 | x_refsource_CONFIRM
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:51:27.226Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970799" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-11-20T00:00:00", "descriptions": [ { "lang": "en", "value": "The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-01-02T21:57:02", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970799" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-7396", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access 
restrictions, and obtain sensitive information or modify data, via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21970799", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970799" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-7396", "datePublished": "2016-01-02T21:00:00", "dateReserved": "2015-09-29T00:00:00", "dateUpdated": "2024-08-06T07:51:27.226Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-3049 (GCVE-0-2013-3049)
Vulnerability from cvelistv5
Published
2013-10-01 10:00
Modified
2024-08-06 16:00
CWE
- n/a
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3971.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:00:09.824Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55068" }, { "name": "maximo-cve20133049-sec-bypass(84847)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84847" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "IV37599", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV37599" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3971." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55068" }, { "name": "maximo-cve20133049-sec-bypass(84847)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84847" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "IV37599", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV37599" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-3049", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3971." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "55068", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55068" }, { "name": "maximo-cve20133049-sec-bypass(84847)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84847" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "IV37599", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV37599" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-3049", "datePublished": "2013-10-01T10:00:00", "dateReserved": "2013-04-12T00:00:00", "dateUpdated": "2024-08-06T16:00:09.824Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-7452 (GCVE-0-2015-7452)
Vulnerability from cvelistv5
Published
2016-01-02 21:00
Modified
2024-08-06 07:51
CWE
- n/a
Summary
IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:51:27.521Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972463" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-11T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-01-02T21:57:02", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972463" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-7452", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21972463", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972463" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-7452", "datePublished": "2016-01-02T21:00:00", "dateReserved": "2015-09-29T00:00:00", "dateUpdated": "2024-08-06T07:51:27.521Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-0457 (GCVE-0-2013-0457)
Vulnerability from cvelistv5
Published
2013-02-20 11:00
Modified
2024-08-06 14:25
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a uisessionid.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:25:10.357Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV20590", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20590" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "mam-uisessionid-xss(81011)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81011" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a uisessionid." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IV20590", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20590" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "mam-uisessionid-xss(81011)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81011" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-0457", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a uisessionid." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV20590", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20590" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "mam-uisessionid-xss(81011)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81011" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-0457", "datePublished": "2013-02-20T11:00:00", "dateReserved": "2012-12-16T00:00:00", "dateUpdated": "2024-08-06T14:25:10.357Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-43866 (GCVE-0-2022-43866)
Vulnerability from cvelistv5
Published
2023-05-05 18:20
Modified
2025-01-29 16:08
Severity
5.4 (MEDIUM) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239436.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Maximo Asset Management |
Version: 7.6.1.2, 7.6.1.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:40:06.870Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6983534" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239436" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2022-43866", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-29T16:07:15.755907Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-29T16:08:06.495Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.1.2, 7.6.1.3" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. 
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239436." } ], "value": "IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239436." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-12T03:13:46.653Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6983534" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239436" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Maximo Asset Management cross-site scripting", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-43866", "datePublished": "2023-05-05T18:20:16.402Z", "dateReserved": "2022-10-26T15:46:22.824Z", "dateUpdated": "2025-01-29T16:08:06.495Z", "state": "PUBLISHED" 
}, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-0393 (GCVE-0-2016-0393)
Vulnerability from cvelistv5
Published
2016-07-17 22:00
Modified
2024-08-05 22:15
CWE
- n/a
Summary
IBM Maximo Asset Management 7.5 before 7.5.0.10-TIV-MBS-IFIX002 and 7.6 before 7.6.0.5-TIV-MAMMT-FP001 allows remote attackers to obtain sensitive URL information by reading log files.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:15:24.420Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986053" }, { "name": "91744", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91744" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-07-11T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.5 before 7.5.0.10-TIV-MBS-IFIX002 and 7.6 before 7.6.0.5-TIV-MAMMT-FP001 allows remote attackers to obtain sensitive URL information by reading log files." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986053" }, { "name": "91744", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91744" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-0393", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.5 before 7.5.0.10-TIV-MBS-IFIX002 and 7.6 before 7.6.0.5-TIV-MAMMT-FP001 allows remote attackers to obtain sensitive URL information by reading log files." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21986053", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986053" }, { "name": "91744", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91744" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-0393", "datePublished": "2016-07-17T22:00:00", "dateReserved": "2015-12-08T00:00:00", "dateUpdated": "2024-08-05T22:15:24.420Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-5896 (GCVE-0-2016-5896)
Vulnerability from cvelistv5
Published
2017-02-01 20:00
Modified
2024-08-06 01:15
CWE
- Obtain Information
Summary
IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM Corporation | Maximo Asset Management |
Version: 6.2 Version: 7.1 Version: 7.5 Version: 7.5.0.0 Version: 7.5.0.10 Version: 7.1.0.0 Version: 6.2.0.0 Version: 7.2 Version: 7.1.1 Version: 7.1.2 Version: 7.2.1 Version: 6.2.1 Version: 6.2.2 Version: 6.2.3 Version: 6.2.4 Version: 6.2.5 Version: 6.2.6 Version: 6.2.7 Version: 6.2.8 Version: 7.1.1.1 Version: 7.1.1.10 Version: 7.1.1.11 Version: 7.1.1.12 Version: 7.1.1.2 Version: 7.1.1.5 Version: 7.1.1.6 Version: 7.1.1.7 Version: 7.1.1.8 Version: 7.1.1.9 Version: 7.5.0.1 Version: 7.5.0.2 Version: 7.5.0.3 Version: 7.5.0.4 Version: 7.5.0.5 Version: 7.6 Version: 7.5.0 Version: 7.6.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:15:10.790Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21987855" }, { "name": "93872", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93872" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM Corporation", "versions": [ { "status": "affected", "version": "6.2" }, { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.5" }, { "status": "affected", "version": "7.5.0.0" }, { "status": "affected", "version": "7.5.0.10" }, { "status": "affected", "version": "7.1.0.0" }, { "status": "affected", "version": "6.2.0.0" }, { "status": "affected", "version": "7.2" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "7.2.1" }, { "status": "affected", "version": "6.2.1" }, { "status": "affected", "version": "6.2.2" }, { "status": "affected", "version": "6.2.3" }, { "status": "affected", "version": "6.2.4" }, { "status": "affected", "version": "6.2.5" }, { "status": "affected", "version": "6.2.6" }, { "status": "affected", "version": "6.2.7" }, { "status": "affected", "version": "6.2.8" }, { "status": "affected", "version": "7.1.1.1" }, { "status": "affected", "version": "7.1.1.10" }, { "status": "affected", "version": "7.1.1.11" }, { "status": "affected", "version": "7.1.1.12" }, { "status": "affected", "version": "7.1.1.2" }, { "status": "affected", "version": "7.1.1.5" }, { "status": "affected", "version": "7.1.1.6" }, { "status": "affected", "version": "7.1.1.7" }, { "status": "affected", "version": "7.1.1.8" }, { "status": "affected", "version": "7.1.1.9" }, { "status": "affected", "version": "7.5.0.1" }, { "status": 
"affected", "version": "7.5.0.2" }, { "status": "affected", "version": "7.5.0.3" }, { "status": "affected", "version": "7.5.0.4" }, { "status": "affected", "version": "7.5.0.5" }, { "status": "affected", "version": "7.6" }, { "status": "affected", "version": "7.5.0" }, { "status": "affected", "version": "7.6.0" } ] } ], "datePublic": "2017-02-01T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser." } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-02-02T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21987855" }, { "name": "93872", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93872" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-5896", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "6.2" }, { "version_value": "7.1" }, { "version_value": "7.5" }, { "version_value": "7.5.0.0" }, { "version_value": "7.5.0.10" }, { "version_value": "7.1.0.0" }, { "version_value": "6.2.0.0" }, { "version_value": "7.2" }, { "version_value": "7.1.1" }, { "version_value": "7.1.2" }, { "version_value": "7.2.1" }, { "version_value": "6.2.1" }, { "version_value": "6.2.2" }, { "version_value": "6.2.3" }, { "version_value": "6.2.4" }, { "version_value": "6.2.5" }, { "version_value": "6.2.6" }, { "version_value": "6.2.7" }, { "version_value": "6.2.8" }, { "version_value": "7.1.1.1" }, { "version_value": "7.1.1.10" }, { "version_value": "7.1.1.11" }, { "version_value": "7.1.1.12" }, 
{ "version_value": "7.1.1.2" }, { "version_value": "7.1.1.5" }, { "version_value": "7.1.1.6" }, { "version_value": "7.1.1.7" }, { "version_value": "7.1.1.8" }, { "version_value": "7.1.1.9" }, { "version_value": "7.5.0.1" }, { "version_value": "7.5.0.2" }, { "version_value": "7.5.0.3" }, { "version_value": "7.5.0.4" }, { "version_value": "7.5.0.5" }, { "version_value": "7.6" }, { "version_value": "7.5.0" }, { "version_value": "7.6.0" } ] } } ] }, "vendor_name": "IBM Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg21987855", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21987855" }, { "name": "93872", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93872" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-5896", "datePublished": "2017-02-01T20:00:00", "dateReserved": "2016-06-29T00:00:00", "dateUpdated": "2024-08-06T01:15:10.790Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-4583 (GCVE-0-2019-4583)
Vulnerability from cvelistv5
Published
2020-02-20 16:45
Modified
2024-09-16 22:03
Severity
4.3 (MEDIUM) base, 3.8 (LOW) temporal - CVSS:3.0/UI:N/A:N/C:L/AV:N/PR:L/AC:L/S:U/I:N/RL:O/RC:C/E:U
CWE
- Obtain Information
Summary
IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 167289.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Maximo Asset Management |
Version: 7.6.1.1 Version: 7.6.0.10 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:48.403Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/3002121" }, { "name": "ibm-maximo-cve20194583-info-disc (167289)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167289" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.1.1" }, { "status": "affected", "version": "7.6.0.10" } ] } ], "datePublic": "2020-02-19T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 167289." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/A:N/C:L/AV:N/PR:L/AC:L/S:U/I:N/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-20T16:45:17", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/3002121" }, { "name": "ibm-maximo-cve20194583-info-disc (167289)", "tags": [ "vdb-entry", 
"x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167289" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-02-19T00:00:00", "ID": "CVE-2019-4583", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6.1.1" }, { "version_value": "7.6.0.10" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 167289." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/3002121", "refsource": "CONFIRM", "title": "IBM Security Bulletin 3002121 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/3002121" }, { "name": "ibm-maximo-cve20194583-info-disc (167289)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167289" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4583", "datePublished": "2020-02-20T16:45:17.868567Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T22:03:25.310Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-0824 (GCVE-0-2014-0824)
Vulnerability from cvelistv5
Published
2014-05-26 16:00
Modified
2024-08-06 09:27
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via an attachment URL.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:27:20.078Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV52829", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV52829" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20140824-xss(90500)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90500" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via an attachment URL." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IV52829", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV52829" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20140824-xss(90500)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90500" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-0824", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via an attachment URL." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV52829", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV52829" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20140824-xss(90500)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90500" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-0824", "datePublished": "2014-05-26T16:00:00", "dateReserved": "2014-01-06T00:00:00", "dateUpdated": "2024-08-06T09:27:20.078Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1394 (GCVE-0-2011-1394)
Vulnerability from cvelistv5
Published
2012-03-13 01:00
Modified
2024-08-06 22:28
CWE
- n/a
Summary
IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:28:40.315Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48299" }, { "name": "maximo-uisession-dos(71985)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71985" }, { "name": "48305", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48305" }, { "name": "IV09157", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09157" }, { "name": "52333", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52333" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-02-14T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-09T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48299" }, { "name": "maximo-uisession-dos(71985)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71985" }, { "name": "48305", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48305" }, { "name": "IV09157", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09157" }, { "name": "52333", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52333" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1394", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48299" }, { "name": "maximo-uisession-dos(71985)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71985" }, { "name": "48305", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48305" }, { "name": "IV09157", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09157" }, { "name": "52333", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52333" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1394", "datePublished": "2012-03-13T01:00:00", "dateReserved": "2011-03-10T00:00:00", "dateUpdated": "2024-08-06T22:28:40.315Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-5381 (GCVE-0-2013-5381)
Vulnerability from cvelistv5
Published
2013-10-01 10:00
Modified
2024-08-06 17:06
CWE
- n/a
Summary
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to gain privileges via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:06:52.361Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55070" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20135381-priv-esc(86932)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86932" }, { "name": "IV35394", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV35394" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to gain privileges via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55070" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20135381-priv-esc(86932)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86932" }, { "name": "IV35394", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV35394" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-5381", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to gain privileges via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "55070", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55070" }, { "name": "55068", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55068" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20135381-priv-esc(86932)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86932" }, { "name": "IV35394", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV35394" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-5381", "datePublished": "2013-10-01T10:00:00", "dateReserved": "2013-08-22T00:00:00", "dateUpdated": "2024-08-06T17:06:52.361Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-3048 (GCVE-0-2013-3048)
Vulnerability from cvelistv5
Published
2013-10-01 10:00
Modified
2024-08-06 16:00
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:00:08.388Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55070" }, { "name": "IV36375", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV36375" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20133048-xss(84845)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84845" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "55070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55070" }, { "name": "IV36375", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV36375" }, { "name": "55068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55068" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20133048-xss(84845)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84845" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-3048", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "55070", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55070" }, { "name": "IV36375", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV36375" }, { "name": "55068", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55068" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "name": "maximo-cve20133048-xss(84845)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84845" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-3048", "datePublished": "2013-10-01T10:00:00", "dateReserved": "2013-04-12T00:00:00", "dateUpdated": "2024-08-06T16:00:08.388Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-45088 (GCVE-0-2024-45088)
Vulnerability from cvelistv5
Published
2024-11-11 16:01
Modified
2024-11-11 17:54
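Severity: 6.4 (MEDIUM) — CVSS 3.1 base score from the CNA record below, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N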
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Maximo Asset Management |
Version: 7.6.1.3 cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-45088", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-11T17:54:05.502582Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-11T17:54:23.187Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.1.3" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." } ], "value": "IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-11T16:01:25.382Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7174818" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM Maximo Asset Management cross-site scripting", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-45088", "datePublished": "2024-11-11T16:01:25.382Z", "dateReserved": "2024-08-21T19:11:05.063Z", "dateUpdated": "2024-11-11T17:54:23.187Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-20509 (GCVE-0-2021-20509)
Vulnerability from cvelistv5
Published
2021-08-12 16:05
Modified
2024-09-17 03:32
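Severity: 7 (HIGH) base, 6.1 (MEDIUM) temporal — CVSS 3.0 from the CNA record below, vector CVSS:3.0/I:H/AC:H/S:U/A:H/UI:R/AV:L/PR:N/C:H/RC:C/RL:O/E:U. The vector scores the attack vector as LOCAL with user interaction REQUIRED, although the summary speaks of a remote attacker.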
CWE
- Gain Access
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Maximo Asset Management |
Version: 7.6.0 Version: 7.6.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:45:44.411Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6480377" }, { "name": "ibm-maximo-cve202120509-code-exec (198243)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198243" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6.0" }, { "status": "affected", "version": "7.6.1" } ] } ], "datePublic": "2021-08-11T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.1, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/I:H/AC:H/S:U/A:H/UI:R/AV:L/PR:N/C:H/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-12T16:05:10", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6480377" }, { "name": "ibm-maximo-cve202120509-code-exec (198243)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198243" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-08-11T00:00:00", "ID": "CVE-2021-20509", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6.0" }, { "version_value": "7.6.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "R" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6480377", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6480377 (Maximo Asset Management)", "url": "https://www.ibm.com/support/pages/node/6480377" }, { "name": "ibm-maximo-cve202120509-code-exec (198243)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198243" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-20509", "datePublished": "2021-08-12T16:05:10.550691Z", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-09-17T03:32:23.470Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1554 (GCVE-0-2018-1554)
Vulnerability from cvelistv5
Published
2018-08-02 14:00
Modified
2024-09-16 19:19
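Severity: 5.4 (MEDIUM) base, 5.2 (MEDIUM) temporal — CVSS 3.0 from the CNA record below, vector CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O. The vector requires low privileges (PR:L) and user interaction (UI:R).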
CWE
- Cross-Site Scripting
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142891.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
IBM | Maximo Asset Management |
Version: 7.6 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:07:43.474Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-maximo-cve20181554-xss(142891)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142891" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10713695" }, { "name": "104959", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104959" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6" } ] } ], "datePublic": "2018-07-30T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142891." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-06T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-maximo-cve20181554-xss(142891)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142891" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10713695" }, { "name": "104959", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104959" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-07-30T00:00:00", "ID": "CVE-2018-1554", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
IBM X-Force ID: 142891." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-maximo-cve20181554-xss(142891)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142891" }, { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10713695", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10713695" }, { "name": "104959", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104959" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1554", "datePublished": "2018-08-02T14:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T19:19:18.429Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0714 (GCVE-0-2012-0714)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 18:30
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:30:54.163Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "85179", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/85179" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-csrf(73534)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73534" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "IV16085", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16085" }, { "name": "IV16497", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16497" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "85179", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/85179" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-csrf(73534)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73534" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "IV16085", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16085" }, { "name": "IV16497", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16497" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-0714", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "85179", "refsource": "OSVDB", "url": "http://osvdb.org/85179" }, { "name": "50551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-csrf(73534)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73534" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "IV16085", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16085" }, { "name": "IV16497", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16497" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-0714", "datePublished": "2012-09-10T17:00:00", "dateReserved": "2012-01-17T00:00:00", "dateUpdated": "2024-08-06T18:30:54.163Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1528 (GCVE-0-2018-1528)
Vulnerability from cvelistv5
Published
2018-08-06 14:00
Modified
2024-09-17 03:17
CWE
- Obtain Information
Summary
IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290.
References
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Maximo Asset Management | 7.6, 7.6.0, 7.6.0.1, 7.6.1, 7.6.2, 7.6.2.1, 7.6.2.2, 7.6.2.3, 7.6.2.4, 7.6.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:07:42.921Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=swg22017450" }, { "name": "105023", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105023" }, { "name": "ibm-maximo-cve20181528-info-disc(142290)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142290" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6" }, { "status": "affected", "version": "7.6.0" }, { "status": "affected", "version": "7.6.0.1" }, { "status": "affected", "version": "7.6.1" }, { "status": "affected", "version": "7.6.2" }, { "status": "affected", "version": "7.6.2.1" }, { "status": "affected", "version": "7.6.2.2" }, { "status": "affected", "version": "7.6.2.3" }, { "status": "affected", "version": "7.6.2.4" }, { "status": "affected", "version": "7.6.3" } ] } ], "datePublic": "2018-07-31T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-09T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=swg22017450" }, { "name": "105023", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105023" }, { "name": "ibm-maximo-cve20181528-info-disc(142290)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142290" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-07-31T00:00:00", "ID": "CVE-2018-1528", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6" }, { "version_value": "7.6.0" }, { "version_value": "7.6.0.1" }, { "version_value": "7.6.1" }, { "version_value": "7.6.2" }, { "version_value": "7.6.2.1" }, { "version_value": "7.6.2.2" }, { "version_value": "7.6.2.3" }, { "version_value": "7.6.2.4" }, { "version_value": "7.6.3" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM 
Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=swg22017450", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=swg22017450" }, { "name": "105023", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105023" }, { "name": "ibm-maximo-cve20181528-info-disc(142290)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142290" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1528", "datePublished": "2018-08-06T14:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-17T03:17:22.512Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1584 (GCVE-0-2018-1584)
Vulnerability from cvelistv5
Published
2018-11-28 17:00
Modified
2024-09-16 20:02
CWE
- Cross-Site Scripting
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143497.
References
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Maximo Asset Management | 7.6 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:07:43.827Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-maximo-cve20181584-xss(143497)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143497" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10741821" }, { "name": "106125", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106125" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6" } ] } ], "datePublic": "2018-11-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143497." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-07T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-maximo-cve20181584-xss(143497)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143497" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10741821" }, { "name": "106125", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106125" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-11-26T00:00:00", "ID": "CVE-2018-1584", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
IBM X-Force ID: 143497." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-maximo-cve20181584-xss(143497)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143497" }, { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10741821", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10741821" }, { "name": "106125", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106125" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1584", "datePublished": "2018-11-28T17:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T20:02:46.851Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2183 (GCVE-0-2012-2183)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 19:26
CWE
- n/a
Summary
Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:08.587Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-maximo-session-fixation-iv09212(75776)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75776" }, { "name": "IV09212", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09212" }, { "name": "85185", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/85185" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50551" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-maximo-session-fixation-iv09212(75776)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75776" }, { "name": "IV09212", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09212" }, { "name": "85185", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/85185" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50551" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-2183", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-maximo-session-fixation-iv09212(75776)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75776" }, { "name": "IV09212", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09212" }, { "name": "85185", "refsource": "OSVDB", "url": "http://osvdb.org/85185" }, { "name": "50551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50551" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-2183", "datePublished": "2012-09-10T17:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:08.587Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-4303 (GCVE-0-2019-4303)
Vulnerability from cvelistv5
Published
2019-06-19 13:30
Modified
2024-09-16 23:00
CWE
- Cross-Site Scripting
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949.
References
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Maximo Asset Management | 7.6 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:33:38.047Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563" }, { "name": "ibm-maximo-cve20194303-xss (160949)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949" }, { "name": "108912", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108912" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Maximo Asset Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.6" } ] } ], "datePublic": "2019-06-17T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/C:L/I:L/S:C/A:N/AC:L/UI:R/AV:N/PR:L/RL:O/RC:C/E:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-27T13:06:08", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563" }, { "name": "ibm-maximo-cve20194303-xss (160949)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949" }, { "name": "108912", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108912" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-06-17T00:00:00", "ID": "CVE-2019-4303", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Maximo Asset Management", "version": { "version_data": [ { "version_value": "7.6" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
IBM X-Force ID: 160949." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10887563", "refsource": "CONFIRM", "title": "IBM Security Bulletin 887563 (Maximo Asset Management)", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563" }, { "name": "ibm-maximo-cve20194303-xss (160949)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949" }, { "name": "108912", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108912" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4303", "datePublished": "2019-06-19T13:30:19.709079Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T23:00:36.112Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2022-02-18 18:15
Modified
2024-11-21 06:18
Summary
IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 210892.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/210892 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6557318 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/210892 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6557318 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6.1.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F9DA22B-5DD7-4551-AC7A-61949D246F5D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 210892." }, { "lang": "es", "value": "IBM Maximo Asset Management versi\u00f3n 7.6.1.2, no requiere que usuarios tengan contrase\u00f1as seguras por defecto, lo que facilita a atacantes comprometer las cuentas de usuarios. IBM X-Force ID: 210892" } ], "id": "CVE-2021-38935", "lastModified": "2024-11-21T06:18:14.727", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": 
"NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-02-18T18:15:09.373", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210892" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6557318" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210892" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6557318" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-521" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-15 14:15
Modified
2024-11-21 04:43
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171437.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/171437 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6332583 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/171437 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6332583 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | * | |
ibm | maximo_asset_management | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "23F5BFFD-3CDA-4008-858E-2E4DDF67C8AF", "versionEndExcluding": "7.6.0.10", "versionStartIncluding": "7.6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBFA44BB-1524-4330-A5DF-BDA56F1CE69B", "versionEndExcluding": "7.6.1.2", "versionStartIncluding": "7.6.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171437." }, { "lang": "es", "value": "IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, es vulnerable a una inyecci\u00f3n SQL.\u0026#xa0;Un atacante remoto podr\u00eda enviar sentencias SQL especialmente dise\u00f1adas, que podr\u00edan permitir al atacante visualizar, agregar, modificar o eliminar informaci\u00f3n en la base de datos del back-end.\u0026#xa0; IBM X-Force ID: 171437" } ], "id": "CVE-2019-4671", "lastModified": "2024-11-21T04:43:57.680", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", 
"availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-15T14:15:13.427", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171437" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6332583" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171437" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6332583" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-05 17:29
Modified
2025-04-20 01:37
Severity ?
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123778.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22005243 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/99367 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/123778 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22005243 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99367 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/123778 | VDB Entry, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.5 | |
ibm | maximo_asset_management | 7.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123778." }, { "lang": "es", "value": "IBM M\u00e1ximo Asset Management 7.1, 7.5 y 7.6 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a lo usuarios incrustar c\u00f3digo Javascript aleatorio en la interfaz web lo que alterar\u00eda la funcionalidad planeada potencialmente llevando a la revelaci\u00f3n de las credenciales dentro de una sesi\u00f3n confiable. IBM X-Force ID: 123778." 
} ], "id": "CVE-2017-1208", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-05T17:29:00.403", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22005243" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99367" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123778" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22005243" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99367" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/123778" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-02-24 16:15
Modified
2024-11-21 04:44
Severity ?
Summary
IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. IBM X-Force ID: 172883.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/172883 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/3245409 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/172883 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/3245409 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6.1.0 | |
ibm | maximo_for_aviation | 7.6.6 | |
ibm | maximo_for_aviation | 7.6.7 | |
ibm | maximo_for_aviation | 7.6.8 | |
ibm | maximo_for_life_sciences | 7.6 | |
ibm | maximo_for_nuclear_power | 7.6.1 | |
ibm | maximo_for_oil_and_gas | 7.6.1 | |
ibm | maximo_for_transportation | 7.6.2.3 | |
ibm | maximo_for_transportation | 7.6.2.4 | |
ibm | maximo_for_transportation | 7.6.2.5 | |
ibm | maximo_for_utilities | 7.6.0.1 | |
ibm | maximo_for_utilities | 7.6.0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E62D9C2-D670-4C11-8149-59730F0A3BD3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "4317DA0E-678D-468F-8BE4-8BA20C01C588", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "5DB202BE-FF6E-49AC-84FF-F454361E5D4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "C05DA047-26F7-413E-8259-5F88C08AE2B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "532219AE-9F4D-49B0-A625-A690C9E8A7DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "160EE7B0-4F54-41F7-9266-C22776783BA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "1BDF6664-537E-4CF8-9CCA-7C4746DE9B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F416A57-7B00-411D-B2D5-5BCB434568DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "73EEADC8-01D0-4D80-83E4-1643603485CD", "vulnerable": true } ], 
"negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. IBM X-Force ID: 172883." }, { "lang": "es", "value": "IBM Maximo Asset Management versi\u00f3n 7.6.1.0, podr\u00eda permitir a un atacante remoto divulgar informaci\u00f3n confidencial a un usuario autentificado debido a una divulgaci\u00f3n de informaci\u00f3n de la ruta en la URL. IBM X-Force ID: 172883." } ], "id": "CVE-2019-4745", "lastModified": "2024-11-21T04:44:05.563", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", 
"userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-24T16:15:12.517", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172883" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/3245409" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172883" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/3245409" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-10-01 11:14
Modified
2025-04-11 00:51
Severity ?
Summary
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to gain privileges via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 6.2 | |
ibm | maximo_asset_management | 6.2.1 | |
ibm | maximo_asset_management | 6.2.2 | |
ibm | maximo_asset_management | 6.2.3 | |
ibm | maximo_asset_management | 6.2.4 | |
ibm | maximo_asset_management | 6.2.5 | |
ibm | maximo_asset_management | 6.2.6 | |
ibm | maximo_asset_management | 6.2.6.1 | |
ibm | maximo_asset_management | 6.2.7 | |
ibm | maximo_asset_management | 6.2.8 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 | |
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management | 7.1.1.9 | |
ibm | maximo_asset_management | 7.1.1.10 | |
ibm | maximo_asset_management | 7.1.1.11 | |
ibm | maximo_asset_management | 7.1.1.12 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, 
{ "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to gain privileges via unspecified vectors." }, { "lang": "es", "value": "IBM Maximo Asset Management 6.2 hasta la versi\u00f3n 6.2.8, y 7.1 hasta 7.1.1.12, y 7.5 anterior a la versi\u00f3n 7.5.0.3 permite a usuarios remotos autenticados obtener privilegios a trav\u00e9s de vectores sin especificar." } ], "id": "CVE-2013-5381", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-10-01T11:14:44.110", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55068" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55070" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV35394" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86932" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/55068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV35394" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86932" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-05-26 16:55
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and modify physical counts associated with restricted storerooms, via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 | |
ibm | maximo_asset_management | 7.5.0.3 | |
ibm | maximo_asset_management | 7.5.0.4 | |
ibm | maximo_asset_management | 7.5.0.5 | |
ibm | smartcloud_control_desk | 7.0 | |
ibm | smartcloud_control_desk | 7.5 | |
ibm | smartcloud_control_desk | 7.5.0.0 | |
ibm | smartcloud_control_desk | 7.5.0.1 | |
ibm | smartcloud_control_desk | 7.5.0.2 | |
ibm | smartcloud_control_desk | 7.5.1.0 | |
ibm | smartcloud_control_desk | 7.5.1.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and modify physical counts associated with restricted storerooms, via unspecified vectors." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.5.x anterior a 7.5.0.3 IFIX027, 7.5.0.4 anterior a IFIX011 y 7.5.0.5 anterior a IFIX006 y SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 permiten a usuarios remotos autenticados evadir restricciones de acceso, y modificar recuentos f\u00edsicos asociados con almacenes restringidos, a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2013-5464", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-05-26T16:55:02.863", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46277" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88362" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46277" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88362" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-03-13 03:12
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 6.2 | |
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.5 | |
ibm | maximo_asset_management_essentials | 6.2 | |
ibm | maximo_asset_management_essentials | 7.1 | |
ibm | maximo_asset_management_essentials | 7.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, y 7.5. Permite a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro reportType a un componente sin especificar." 
} ], "id": "CVE-2011-1396", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-03-13T03:12:25.947", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/48299" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09190" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/52333" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48299" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09190" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52333" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71999" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-05 17:29
Modified
2025-04-20 01:37
Severity ?
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. IBM X-Force ID: 123299.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22005210 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/99371 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/123299 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22005210 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99371 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/123299 | VDB Entry, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.5 | |
ibm | maximo_asset_management | 7.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. IBM X-Force ID: 123299." }, { "lang": "es", "value": "IBM M\u00e1ximo Asset Management 7.1, 7.5 y 7.6 permite a usuarios locales obtener informaci\u00f3n sensible debido a la retenci\u00f3n inapropiada de datos de los adjuntos. IBM X-Force ID: 123299." 
} ], "id": "CVE-2017-1176", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-05T17:29:00.327", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22005210" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99371" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123299" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22005210" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99371" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/123299" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2011-1394)
Published
2012-03-13 03:12
Modified
2025-04-11 00:51
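Severity: MEDIUM (CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P; NVD primary metric, no CVSS v3 score in this record)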
Summary
IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "5878EF6C-4C54-4BFB-A58A-DBBB96664E8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"68FF0043-7A28-4ECB-9888-6FB057A766B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "33DD3C44-B7B9-4FFF-8445-7C2C084F7DCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D4D3BE7-A7F0-431D-BB07-28DC94E8590F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "1A53DB8A-5966-4D70-A254-C098DB12B0B3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session." }, { "lang": "es", "value": "IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, y 7.5; IBM Tivoli Asset Management de IT 6.2, 7.1, y 7.2; IBM Tivoli Service Request Manager 7.1 y 7.2; IBM Maximo Service Desk 6.2; y IBM Tivoli Change y Configuration Management Database (CCMDB) 6.2, 7.1, y 7.2 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de la memoria) estableciendo numerosas sesiones UI dentro de una sesi\u00f3n HTTP." 
} ], "id": "CVE-2011-1394", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-03-13T03:12:25.853", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/48299" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/48305" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09157" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/52333" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71985" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48299" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48305" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52333" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71985" } ], "sourceIdentifier": "cve@mitre.org", 
"vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2014-0914)
Published
2014-07-30 11:15
Modified
2025-04-12 10:46
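Severity: LOW (CVSS v2.0 base score 3.5, AV:N/AC:M/Au:S/C:N/I:P/A:N; NVD primary metric, no CVSS v3 score in this record)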
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:*:*:*:*:*:*:*:*", "matchCriteriaId": "71F456DA-8995-43E2-91A0-B20B070F26A0", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:*:*:*:*:*:*:*:*", "matchCriteriaId": "106F6572-D362-4040-A878-67B2ACCEA161", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:*:*:*:*:*:*:*:*", "matchCriteriaId": "084AF336-B44B-4B4C-86AB-82197C9410D1", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF5E8225-885D-4FB8-9706-97D559DDF4CF", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*", 
"matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:*:*:*:*:*:*:*:*", "matchCriteriaId": "271DF14A-0466-4ACF-B4CE-A5AAC7E0F9A5", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F350C06-CF48-43FE-BDB3-1F1E31332E25", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"2F780ADF-3151-4B2C-98B9-7FFD0DB47A57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A202F4B-6814-4F85-837C-1655D316ADC0", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:*:*:*:*:*:*:*:*", "matchCriteriaId": "882C1071-A3C3-4CD6-905B-9D8E32A37120", "versionEndIncluding": "6.2.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEA6D104-64DA-47CE-A0CB-589C93A0B3DC", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A204032-17C7-4617-AB29-589903A2B9C3", "versionEndIncluding": "6.2.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field." }, { "lang": "es", "value": "Vulnerabilidad de XSS en IBM Maximo Asset Management 6.2 hasta 6.2.8 y 6.x y 7.x hasta 7.5.0.6, Maximo Asset Management 7.5 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk y Maximo Asset Management 6.2 hasta 6.2.8 para Tivoli IT Asset Management for IT y Maximo Service Desk permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del campo Query Description." 
} ], "id": "CVE-2014-0914", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-07-30T11:15:33.177", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/59570" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/59640" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/68839" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59570" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59640" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/archive/1/533110/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/68839" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-07-01 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.0 IFIX005 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation.
References
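Impacted products
Note: the versions listed below carry no interim-fix level, so 7.5.0.8 and 7.6.0.0 appear as affected although the summary places the fix at 7.5.0.8 IFIX001 and 7.6.0.0 IFIX005; confirm the installed interim fix rather than relying on the version string alone.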
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management | 7.1.1.9 | |
ibm | maximo_asset_management | 7.1.1.10 | |
ibm | maximo_asset_management | 7.1.1.11 | |
ibm | maximo_asset_management | 7.1.1.12 | |
ibm | maximo_asset_management | 7.1.1.13 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 | |
ibm | maximo_asset_management | 7.5.0.3 | |
ibm | maximo_asset_management | 7.5.0.4 | |
ibm | maximo_asset_management | 7.5.0.5 | |
ibm | maximo_asset_management | 7.5.0.6 | |
ibm | maximo_asset_management | 7.5.0.7 | |
ibm | maximo_asset_management | 7.5.0.8 | |
ibm | maximo_asset_management | 7.6.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.0 IFIX005 does not prevent caching of HTTPS responses, which allows 
physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.1 hasta 7.1.1.13, 7.5.0 anterior a 7.5.0.8 IFIX001, y 7.6.0 anterior a 7.6.0.0 IFIX005 no impide el cacheo de respuestas HTTPS, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos obtener informaci\u00f3n sensible del cach\u00e9 local mediante el aprovechamiento de una estaci\u00f3n de trabajo desatendida." } ], "id": "CVE-2015-1951", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-07-01T10:59:01.100", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959613" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/75340" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959613" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/75340" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-05-03 19:15
Modified
2024-11-21 06:01
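Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N (nvd@nist.gov, Primary)
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N (psirt@us.ibm.com, Secondary)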
Summary
IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 205680.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/205680 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6579187 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/205680 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6579187 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_application_suite | 8.7 | |
ibm | maximo_asset_management | 7.6.1.1 | |
ibm | maximo_asset_management | 7.6.1.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_application_suite:8.7:*:*:*:*:*:*:*", "matchCriteriaId": "707645A1-FCA2-4DCB-B1F2-C616B31E3A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C5CE3F4-8ABE-4245-BD9E-8697B3E0171C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F9DA22B-5DD7-4551-AC7A-61949D246F5D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 205680." }, { "lang": "es", "value": "IBM Maximo Asset Management versiones 7.6.1.1 y 7.6.1.2, es vulnerable a una inyecci\u00f3n de encabezados HTTP, causada por una comprobaci\u00f3n inapropiada de la entrada de los encabezados HOST. Al enviar una petici\u00f3n HTTP especialmente dise\u00f1ada, un atacante remoto podr\u00eda explotar esta vulnerabilidad para inyectar la cabecera HTTP HOST, lo que permitir\u00eda al atacante conducir varios ataques contra el sistema vulnerable, incluyendo cross-site scripting, envenenamiento de cach\u00e9 o secuestro de sesi\u00f3n. 
ID de IBM X-Force: 205680" } ], "id": "CVE-2021-29854", "lastModified": "2024-11-21T06:01:55.400", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-05-03T19:15:07.827", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205680" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6579187" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205680" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6579187" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-116" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-04-24 06:59
Modified
2025-04-20 01:37
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (nvd@nist.gov, Primary)
Summary
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21694974 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/97999 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21694974 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97999 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | change_and_configuration_management_database | 7.1 | |
ibm | change_and_configuration_management_database | 7.2 | |
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management_essentials | 7.1 | |
ibm | maximo_for_government | 7.1 | |
ibm | maximo_for_life_sciences | 7.1 | |
ibm | maximo_for_nuclear_power | 7.1 | |
ibm | maximo_for_oil_and_gas | 7.1 | |
ibm | maximo_for_transportation | 7.1 | |
ibm | maximo_for_utilities | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.2 | |
ibm | tivoli_service_request_manager | 7.1 | |
ibm | tivoli_service_request_manager | 7.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors." 
}, { "lang": "es", "value": "IBM Tivoli IT Asset Management para IT, Tivoli Service Request Manager, y Change y Configuration Management Database 7.1 en versiones hasta 7.1.1.8 y 7.2 y Maximo Asset Management y Maximo Industry Solutions 7.1 en versiones hasta 7.1.1.8, 7.5 en versiones anteriores a 7.5.0.7 IFIX003, y 7.6 en versiones anteriores a 7.6.0.0 IFIX002 permite a los usuarios autenticados remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2015-0104", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-24T06:59:00.383", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97999" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97999" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-26 14:15
Modified
2024-11-21 04:43
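Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L (nvd@nist.gov, Primary)
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L (psirt@us.ibm.com, Secondary)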
Summary
IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170961.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/170961 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6223922 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/170961 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6223922 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6.1.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C5CE3F4-8ABE-4245-BD9E-8697B3E0171C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170961." }, { "lang": "es", "value": "IBM Maximo Asset Management versi\u00f3n 7.6.1.1, es vulnerable a una inyecci\u00f3n SQL. Un atacante remoto podr\u00eda enviar sentencias SQL especialmente dise\u00f1adas, lo que podr\u00eda permitir al atacante visualizar, agregar, modificar o eliminar informaci\u00f3n en la base de datos en el back-end. IBM X-Force ID: 170961" } ], "id": "CVE-2019-4650", "lastModified": "2024-11-21T04:43:55.310", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, 
"impactScore": 3.4, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-26T14:15:10.183", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170961" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6223922" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170961" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6223922" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-09-14 17:15
Modified
2024-11-21 06:18
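Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (nvd@nist.gov, Primary)
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (psirt@us.ibm.com, Secondary)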
Summary
IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 210163.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/210163 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6620059 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/210163 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6620059 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_application_suite | 8.7 | |
ibm | maximo_application_suite | 8.8 | |
ibm | maximo_asset_management | 7.6.1.1 | |
ibm | maximo_asset_management | 7.6.1.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_application_suite:8.7:*:*:*:*:*:*:*", "matchCriteriaId": "707645A1-FCA2-4DCB-B1F2-C616B31E3A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_application_suite:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "2068C00F-70DC-440F-A9E4-7624683F015F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C5CE3F4-8ABE-4245-BD9E-8697B3E0171C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F9DA22B-5DD7-4551-AC7A-61949D246F5D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 210163." }, { "lang": "es", "value": "IBM Maximo Asset Management versiones 7.6.1.1 y 7.6.1.2, podr\u00eda permitir a un atacante remoto obtener informaci\u00f3n confidencial cuando es devuelto un mensaje de error t\u00e9cnico detallado en el navegador. Esta informaci\u00f3n podr\u00eda usarse en otros ataques contra el sistema. 
IBM X-Force ID: 210163" } ], "id": "CVE-2021-38924", "lastModified": "2024-11-21T06:18:13.040", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-09-14T17:15:10.053", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210163" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6620059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210163" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6620059" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-209" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-11-09 16:29
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151330.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securityfocus.com/bid/106140 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/151330 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10737461 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106140 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/151330 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10737461 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151330." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.6 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 151330." } ], "id": "CVE-2018-1872", "lastModified": "2024-11-21T04:00:30.953", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", 
"version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-11-09T16:29:00.230", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106140" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151330" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10737461" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106140" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151330" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10737461" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-03-14 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1.1 through 7.1.1.3, 7.5.0 before 7.5.0.9 IFIX004, and 7.6.0 before 7.6.0.3 IFIX001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.3 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 | |
ibm | maximo_asset_management | 7.5.0.3 | |
ibm | maximo_asset_management | 7.5.0.4 | |
ibm | maximo_asset_management | 7.5.0.5 | |
ibm | maximo_asset_management | 7.5.0.6 | |
ibm | maximo_asset_management | 7.5.0.7 | |
ibm | maximo_asset_management | 7.5.0.8 | |
ibm | maximo_asset_management | 7.5.0.9 | |
ibm | maximo_asset_management | 7.6.0.0 | |
ibm | maximo_asset_management | 7.6.0.1 | |
ibm | maximo_asset_management | 7.6.0.2 | |
ibm | maximo_asset_management | 7.6.0.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "F919705D-1394-4443-BE46-117F41A38D87", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "C47DB9B3-C8CD-45E9-9F53-617354F3A339", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7038EBF6-E527-492B-A6A5-14F9A2F79BDF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1.1 through 7.1.1.3, 7.5.0 before 7.5.0.9 IFIX004, and 7.6.0 before 7.6.0.3 IFIX001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." }, { "lang": "es", "value": "Vulnerabilidad de XSS en IBM Maximo Asset Management 7.1.1 hasta la versi\u00f3n 7.1.1.3, 7.5.0 en versiones anteriores a 7.5.0.9 IFIX004 y 7.6.0 en versiones anteriores a 7.6.0.3 IFIX001 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada." 
} ], "id": "CVE-2016-0262", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-03-14T01:59:02.590", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977828" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977828" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-03-13 03:12
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "5878EF6C-4C54-4BFB-A58A-DBBB96664E8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"68FF0043-7A28-4ECB-9888-6FB057A766B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "33DD3C44-B7B9-4FFF-8445-7C2C084F7DCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D4D3BE7-A7F0-431D-BB07-28DC94E8590F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "1A53DB8A-5966-4D70-A254-C098DB12B0B3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) el componente \"Start Center Layout and Configuration\" de IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, t 7.5; IBM Tivoli Asset Management para IT 6.2, 7.1, y 7.2; IBM Tivoli Service Request Manager 7.1 y 7.2; IBM Maximo Service Desk 6.2; y IBM Tivoli Change y Configuration Management Database (CCMDB) 6.2, 7.1, y 7.2. 
Permite a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s del \"display name\"." } ], "id": "CVE-2012-0195", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-03-13T03:12:26.197", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/48299" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/48305" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09198" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/52333" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72612" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48299" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48305" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09198" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52333" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72612" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-01-24 16:15
Modified
2025-08-14 15:18
Severity ?
Summary
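IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload, which allows an authenticated low-privileged user to upload restricted file types by the simple method of adding a dot to the end of the file name if Maximo is installed on a Windows operating system.
Windows drops a trailing dot when it creates a file, so an extension check made on the submitted name presumably sees a different name from the one stored on disk; file-type validation should run on the normalised name that is actually written. The record below lists the weakness as CWE-98 (PHP remote file inclusion), although the behaviour described corresponds to CWE-434 (unrestricted upload of file with dangerous type), so filters keyed on the CWE alone may miss this entry.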
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7174819 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6.1.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B0279056-1BD2-4CD6-86BA-DDAA6AB53C6F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file types with a simple method of adding a dot to the end of the file name if Maximo is installed on Windows operating system." }, { "lang": "es", "value": "La API MXAPIASSET de IBM Maximo Asset Management 7.6.1.3 es vulnerable a la carga de archivos sin restricciones, lo que permite que usuarios autenticados con pocos privilegios carguen tipos de archivos restringidos con un m\u00e9todo simple de agregar un punto al final del nombre del archivo si Maximo est\u00e1 instalado en el sistema operativo Windows sistema." } ], "id": "CVE-2024-45077", "lastModified": "2025-08-14T15:18:56.307", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Primary" } ] }, "published": "2025-01-24T16:15:36.903", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7174819" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-98" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-28 18:15
Modified
2024-11-21 07:53
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 249327.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/249327 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6983460 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/249327 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6983460 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6.1.2 | |
ibm | maximo_asset_management | 7.6.1.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F9DA22B-5DD7-4551-AC7A-61949D246F5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B0279056-1BD2-4CD6-86BA-DDAA6AB53C6F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site. IBM X-Force ID: 249327." } ], "id": "CVE-2023-27864", "lastModified": "2024-11-21T07:53:36.053", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-28T18:15:26.323", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249327" }, { "source": 
"psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6983460" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249327" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6983460" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-07-13 14:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 167451.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/167451 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6245696 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/167451 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6245696 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | * | |
ibm | maximo_asset_management | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "09D8BBE4-26EC-4488-95B7-32B46C574CA9", "versionEndExcluding": "7.6.0.10", "versionStartIncluding": "7.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C55730A-B02C-4EBF-BBB1-0BEB566D8817", "versionEndExcluding": "7.6.1.1", "versionStartIncluding": "7.6.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 167451." }, { "lang": "es", "value": "IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, no invalida la sesi\u00f3n despu\u00e9s del cierre de sesi\u00f3n, lo que podr\u00eda permitir a un usuario local hacerse pasar por otro usuario en el sistema. 
ID de IBM X-Force: 167451" } ], "id": "CVE-2019-4591", "lastModified": "2024-11-21T04:43:46.627", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 3.4, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-07-13T14:15:10.867", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167451" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6245696" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167451" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6245696" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-384" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-01-02 21:59
Modified
2025-04-12 10:46
Severity ?
Summary
The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.5 | |
ibm | maximo_asset_management | 7.6 | |
ibm | maximo_asset_management_essentials | 7.5 | |
ibm | maximo_for_government | 7.5 | |
ibm | maximo_for_life_sciences | 7.5 | |
ibm | maximo_for_life_sciences | 7.6 | |
ibm | maximo_for_nuclear_power | 7.5 | |
ibm | maximo_for_oil_and_gas | 7.5 | |
ibm | maximo_for_transportation | 7.5 | |
ibm | maximo_for_utilities | 7.5 | |
ibm | smartcloud_control_desk | 7.5 | |
ibm | smartcloud_control_desk | 7.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": 
"en", "value": "The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors." }, { "lang": "es", "value": "El Scheduler en IBM Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.8 IF6 y 7.6 en versiones anteriores a 7.6.0.1 FP1 y Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.8 IF6, 7.5.1 y 7.6 en versiones anteriores a 7.6.0.1 FP1 para SmartCloud Control Desk permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso, y obtener informaci\u00f3n sensible o datos modificados, a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2015-7396", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2016-01-02T21:59:02.343", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970799" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970799" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-02-18 17:15
Modified
2024-11-21 01:53
Severity ?
Summary
A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/62685 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240 | VDB Entry, Vendor Advisory | |
cve@mitre.org | https://www.ibm.com/support/pages/node/235239 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/62685 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/235239 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "095A16F3-FA2C-4D0D-BA04-597FB2FF03FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "235F85B1-345A-4CE2-9DBE-A03D49D14583", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_life_sciences:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "450D430F-6E81-4DD5-9D64-3676B2D3C16C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "C3749FF3-86DE-40CA-8A04-0987C47EA1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "2EC5EC94-7A48-487E-BCCC-8B434E8735E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "7E78E1CA-83D8-4497-AF4E-A017B778107A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "2906AF03-C662-4EBF-A3A3-E79DE4831F08", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "3054179C-29D4-4098-816C-85A2CAE4103F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "B97B731D-8002-43D8-BF43-B32B852D0BEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "5DC611AA-993B-4C91-9EF8-ACA3D3E11F2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "6476767B-52DD-4A29-A379-96BFE964CA4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "FDCDD396-CFB4-4AC9-A025-4E132FC333E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "01048E18-A71F-4AC7-971E-6CE772ACE81A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de escalada de privilegios en IBM Maximo Asset Management versiones 7.5, 7.1 y 6.2, cuando WebSeal con Autenticaci\u00f3n B\u00e1sica es usado, debido a un fallo al invalidar la sesi\u00f3n de autenticaci\u00f3n, lo que podr\u00eda permitir a un usuario malicioso obtener acceso no autorizado." 
} ], "id": "CVE-2013-3323", "lastModified": "2024-11-21T01:53:23.740", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-18T17:15:12.597", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/62685" }, { "source": "cve@mitre.org", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/235239" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/62685" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/235239" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-24 12:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/164070 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1075023 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/164070 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1075023 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | * | |
ibm | maximo_asset_management | * | |
ibm | maximo_for_aviation | 7.6 | |
ibm | maximo_for_aviation | 7.6.1 | |
ibm | maximo_for_aviation | 7.6.2 | |
ibm | maximo_for_aviation | 7.6.2.1 | |
ibm | maximo_for_aviation | 7.6.3 | |
ibm | maximo_for_life_sciences | 7.6 | |
ibm | maximo_for_nuclear_power | 7.6.0 | |
ibm | maximo_for_oil_and_gas | 7.6.0 | |
ibm | maximo_for_transportation | 7.6.1 | |
ibm | maximo_for_transportation | 7.6.2 | |
ibm | maximo_for_transportation | 7.6.2.1 | |
ibm | maximo_for_transportation | 7.6.2.2 | |
ibm | maximo_for_transportation | 7.6.2.3 | |
ibm | maximo_for_transportation | 7.6.2.4 | |
ibm | maximo_for_utilities | 7.6 | |
ibm | smartcloud_control_desk | 7.6.0 | |
ibm | smartcloud_control_desk | 7.6.0.1 | |
ibm | tivoli_integration_composer | 7.2.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "09D8BBE4-26EC-4488-95B7-32B46C574CA9", "versionEndExcluding": "7.6.0.10", "versionStartIncluding": "7.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C55730A-B02C-4EBF-BBB1-0BEB566D8817", "versionEndExcluding": "7.6.1.1", "versionStartIncluding": "7.6.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "4ED8884A-10E2-41F8-B057-126F5503D5F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "54B1037D-F4D1-4CD6-BBD7-6E72EB4A1620", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:7.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "05AF2B2A-A380-45BA-867F-11F0FD159590", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070." }, { "lang": "es", "value": "IBM Maximo Asset Management versi\u00f3n 7.6, es vulnerable a un problema de tipo cross-site scripting. 
Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 164070." } ], "id": "CVE-2019-4486", "lastModified": "2024-11-21T04:43:39.853", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-24T12:15:12.070", "references": [ { "source": "psirt@us.ibm.com", 
"tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1075023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1075023" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-27 19:15
Modified
2024-11-21 07:53
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. This information could be used in further attacks against the system. IBM X-Force ID: 249207.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/249207 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6985679 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/249207 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6985679 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6.1.2 | |
ibm | maximo_asset_management | 7.6.1.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F9DA22B-5DD7-4551-AC7A-61949D246F5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B0279056-1BD2-4CD6-86BA-DDAA6AB53C6F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. This information could be used in further attacks against the system. IBM X-Force ID: 249207." } ], "id": "CVE-2023-27860", "lastModified": "2024-11-21T07:53:35.667", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-27T19:15:20.253", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249207" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"https://www.ibm.com/support/pages/node/6985679" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249207" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6985679" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-209" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-02-20 12:09
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to a login action.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"62B69712-B405-43F4-B6E9-BC1C232A36E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.:*:*:*:*:*:*:*", "matchCriteriaId": "13CD271A-72E0-4730-A936-87B5122D9E3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2446CA6E-D316-4239-8FDC-436643EB35EA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { 
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to a login action." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management v6.2 hasta v7.5, Maximo Asset Management Essentials v6.2 hasta v7.5, Tivoli Asset Management for IT v6.2 hasta v7.2, Tivoli Service Request Manager v7.1 y v7.2, Maximo Service Desk v6.2, Change and Configuration Management Database (CCMDB) v7.1 y v7.2, y SmartCloud Control Desk v7.5 que permite ataques remotos que inyectan comandos web o HTML a trav\u00e9s de vectores relacionados con una acci\u00f3n de registro." 
} ], "id": "CVE-2012-3327", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-02-20T12:09:21.990", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78039" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78039" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-01-03 05:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.5 | |
ibm | maximo_asset_management | 7.6 | |
ibm | maximo_asset_management_essentials | 7.5 | |
ibm | maximo_asset_management_essentials | 7.6 | |
ibm | maximo_for_government | 7.5 | |
ibm | maximo_for_life_sciences | 7.5 | |
ibm | maximo_for_life_sciences | 7.6 | |
ibm | maximo_for_nuclear_power | 7.5 | |
ibm | maximo_for_oil_and_gas | 7.5 | |
ibm | maximo_for_transportation | 7.5 | |
ibm | maximo_for_utilities | 7.5 | |
ibm | smartcloud_control_desk | 7.5 | |
ibm | smartcloud_control_desk | 7.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "DB43A8FB-E429-4BD4-8787-E538352D8D9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*", 
"matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.8 IF6 y 7.6 en versiones anteriores a 7.6.0.2 IF1 y Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.8 IF6, 7.5.1 y 7.6 en versiones anteriores a 7.6.0.2 IF1 para SmartCloud Control Desk permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso en resultados de consulta a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2015-5051", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": 
"nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-01-03T05:59:09.990", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970797" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970797" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-08-13 12:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 167288.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/167288 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6258321 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/167288 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6258321 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6.0.0 | |
ibm | maximo_asset_management | 7.6.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 167288." }, { "lang": "es", "value": "IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, podr\u00edan permitir a un atacante remoto saltar directorios en el sistema. Un atacante podr\u00eda enviar una petici\u00f3n de URL especialmente dise\u00f1ada que contenga secuencias \"dot dot\" (/../) para visualizar archivos arbitrarios en el sistema. 
IBM X-Force ID: 167288" } ], "id": "CVE-2019-4582", "lastModified": "2024-11-21T04:43:46.107", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-08-13T12:15:17.403", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167288" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6258321" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167288" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6258321" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-10-04 02:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not have an off autocomplete attribute for the password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21965080 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21965080 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"B028794E-5FA0-4E3D-AC4D-A2826DD6282C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF2DAEE6-344E-471D-9508-BD4360B5EB6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "71A8F3D1-C72D-497C-8167-23A128B4AC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"B47280A1-1E0C-4D58-AB28-4E85DFEB3081", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DDC7C333-43F0-45D0-8E51-8041474FE3F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4B254C76-DB68-4FED-9E5B-11B9B595418E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1CC6AD95-18E5-48D9-A962-85854E98FD14", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"0C7E5F34-0898-467E-A148-B14078C3239C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DB7549CF-96F8-4FB2-994E-17F49D946ADF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not have an off autocomplete attribute for the password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation." 
}, { "lang": "es", "value": "IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.8 IFIX001 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x en versiones anteriores a 7.5.0.8 IFIX001 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX001 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros ciertos productos no tienen un atributo off autocomplete para el campo password, lo que facilita a atacantes remotos obtener acceso aprovechando una estaci\u00f3n de trabajo desatendida." } ], "evaluatorComment": "Per http://www-01.ibm.com/support/docview.wss?uid=swg21965080:\n\" This vulnerability could allow a local attacker to obtain account access.\"", "id": "CVE-2015-1933", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-10-04T02:59:00.097", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965080" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965080" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" 
} ] }
Vulnerability from fkie_nvd
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | change_and_configuration_management_database | 6.0 | |
ibm | change_and_configuration_management_database | 7.0 | |
ibm | maximo_asset_management | 6.2.0.0 | |
ibm | maximo_asset_management | 7.1.0.0 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_service_desk | 6.2 | |
ibm | smartcloud_control_desk | 7.0 | |
ibm | tivoli_asset_management_for_it | 6.0 | |
ibm | tivoli_asset_management_for_it | 6.2 | |
ibm | tivoli_asset_management_for_it | 7.0 | |
ibm | tivoli_asset_management_for_it | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.2 | |
ibm | tivoli_service_request_manager | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "789E00F7-D6CD-4F8C-B785-CB17DB11AEDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0265899D-68B5-4C15-997E-28F485D8B9D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en IBM Maximo Asset Management 6.2 a 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Gesti\u00f3n de Activos de TI de Tivoli, Tivoli Service Request, Informaci\u00f3n Maximo Service, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite a atacantes remotos secuestrar sesiones web a trav\u00e9s de vectores no especificados." 
} ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/384.html\r\n\r\n\u0027CWE-384: Session Fixation\u0027", "id": "CVE-2012-2183", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-09-10T17:55:01.367", "references": [ { "source": "psirt@us.ibm.com", "url": "http://osvdb.org/85185" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09212" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75776" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/85185" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09212" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75776" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-09-21 17:15
Modified
2025-05-28 14:15
Severity ?
Summary
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. IBM X-Force ID: 236311.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/236311 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6621599 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/236311 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6621599 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6.1.1 | |
ibm | maximo_asset_management | 7.6.1.2 | |
ibm | maximo_asset_management | 7.6.1.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C5CE3F4-8ABE-4245-BD9E-8697B3E0171C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F9DA22B-5DD7-4551-AC7A-61949D246F5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B0279056-1BD2-4CD6-86BA-DDAA6AB53C6F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. IBM X-Force ID: 236311." }, { "lang": "es", "value": "IBM Maximo Asset Management versiones 7.6.1.1, 7.6.1.2 y 7.6.1.3, podr\u00edan permitir a un usuario omitir la autenticaci\u00f3n y obtener informaci\u00f3n confidencial o llevar a cabo tareas a las que no deber\u00eda tener acceso. 
IBM X-Force ID: 236311" } ], "id": "CVE-2022-40616", "lastModified": "2025-05-28T14:15:30.810", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-09-21T17:15:09.700", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/236311" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6621599" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/236311" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6621599" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": 
"134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2013-10-01 11:14
Modified
2025-04-11 00:51
Severity ?
Summary
IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 | |
ibm | maximo_asset_management | 7.5.0.3 | |
ibm | maximo_asset_management | 7.5.0.4 | |
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management | 7.1.1.9 | |
ibm | maximo_asset_management | 7.1.1.10 | |
ibm | maximo_asset_management | 7.1.1.11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.1 anterior a la versi\u00f3n 7.1.1.12 y 7.5 anterior a la versi\u00f3n 7.5.0.5 permite a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s de vectores sin especificar." 
} ], "id": "CVE-2013-3972", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-10-01T11:14:43.797", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55068" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV39089" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84849" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV39089" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84849" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-04-26 17:59
Modified
2025-04-20 01:37
Severity ?
Summary
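IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 118537. (Note: the NVD record for this entry lists CWE-79, cross-site scripting, as the primary weakness, which does not match the session-handling flaw described here. The description reads more like session fixation (CWE-384), so triage and filter on the description rather than on the CWE field alone.)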
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21996256 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/98023 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21996256 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98023 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.5 | |
ibm | maximo_asset_management | 7.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user\u0027s session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user\u0027s session. IBM X-Force ID: 118537." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.1, 7.5 y 7.6 podr\u00edan permitir a un atacante remoto secuestrar la sesi\u00f3n de un usuario debido a un error de validaci\u00f3n del identificador de sesi\u00f3n." 
} ], "id": "CVE-2016-8924", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-26T17:59:00.173", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21996256" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21996256" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98023" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-01-19 02:15
Modified
2024-11-21 08:30
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N (source: psirt@us.ibm.com, Secondary)
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (source: nvd@nist.gov, Primary)
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/271843 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7107738 | Patch, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7107740 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/271843 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7107738 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7107740 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_application_suite | * | |
ibm | maximo_application_suite | * | |
ibm | maximo_asset_management | 7.6.1.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_application_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DB891EC-E752-439B-BCA7-3C4B8A44C52B", "versionEndExcluding": "8.10.6", "versionStartIncluding": "8.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_application_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "13818541-5D8C-47BF-83A1-03C3B3DA7699", "versionEndIncluding": "8.11.2", "versionStartIncluding": "8.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B0279056-1BD2-4CD6-86BA-DDAA6AB53C6F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.6.1.3 y Manage Component 8.10 a 8.11 son vulnerables a cross-site request forgery, lo que podr\u00eda permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que conf\u00eda el sitio web. ID de IBM X-Force: 271843." 
} ], "id": "CVE-2023-47718", "lastModified": "2024-11-21T08:30:44.097", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-01-19T02:15:07.757", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271843" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7107738" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7107740" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271843" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7107738" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7107740" } ], 
"sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-02-08 22:59
Modified
2025-04-20 01:37
Severity ?
Summary
IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21988252 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/92535 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21988252 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92535 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.5 | |
ibm | maximo_asset_management | 7.6 | |
ibm | maximo_for_aviation | 7.1 | |
ibm | maximo_for_aviation | 7.5 | |
ibm | maximo_for_aviation | 7.6 | |
ibm | maximo_for_energy_optimization | 7.1 | |
ibm | maximo_for_energy_optimization | 7.5 | |
ibm | maximo_for_energy_optimization | 7.6 | |
ibm | maximo_for_government | 7.1 | |
ibm | maximo_for_government | 7.5 | |
ibm | maximo_for_government | 7.6 | |
ibm | maximo_for_life_sciences | 7.1 | |
ibm | maximo_for_life_sciences | 7.5 | |
ibm | maximo_for_life_sciences | 7.6 | |
ibm | maximo_for_nuclear_power | 7.1 | |
ibm | maximo_for_nuclear_power | 7.5 | |
ibm | maximo_for_nuclear_power | 7.6 | |
ibm | maximo_for_oil_and_gas | 7.1 | |
ibm | maximo_for_oil_and_gas | 7.5 | |
ibm | maximo_for_oil_and_gas | 7.6 | |
ibm | maximo_for_transportation | 7.1 | |
ibm | maximo_for_transportation | 7.5 | |
ibm | maximo_for_transportation | 7.6 | |
ibm | maximo_for_utilities | 7.1 | |
ibm | maximo_for_utilities | 7.5 | |
ibm | maximo_for_utilities | 7.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA2E94D6-C670-417D-8BC7-6D57FC881735", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "D99E35AE-83AD-4B46-8D1B-D55213547863", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "805C1AA0-2515-481F-8DC2-B8DDB567B112", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "9588B376-E159-4CF8-AA3C-70FBBFCB3ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "0F39CC0B-40C9-434B-9257-A72D04D5CED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"9B315997-8DD3-4244-B292-68568FB82CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "54B15803-D203-4620-B4CF-0F417C7A9B79", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "ED14563B-CA07-4CEF-B46B-672F06D08B9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "7759191C-5D16-4937-BC80-5A47FE4F9DD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*", 
"matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." }, { "lang": "es", "value": "IBM Maximo Asset Management es vulnerable a XSS. Esta vulnerabilidad permite a usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz Web alterando as\u00ed la funcionalidad intencionada conduciendo potencialmente a la divulgaci\u00f3n de credenciales en una sesi\u00f3n de confianza." } ], "id": "CVE-2016-5902", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, 
"impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-02-08T22:59:00.573", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21988252" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/92535" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21988252" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/92535" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-02-20 12:09
Modified
2025-04-11 00:51
Severity ?
Summary
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management_essentials | 7.5.0.0 | |
ibm | smartcloud_control_desk | 7.5.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors." }, { "lang": "es", "value": "IBM Maximo Asset Management v7.5, Maximo Asset Management Essentials v7.5, y v7.5 SmartCloud Control Desk permite a usuarios remotos autenticados obtener privilegios y eludir las restricciones destinadas a las operaciones de b\u00fasqueda de activos a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2012-6357", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-02-20T12:09:22.583", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23511" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80749" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23511" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80749" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-10-01 11:14
Modified
2025-04-11 00:51
Severity ?
Summary
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management | 7.1.1.9 | |
ibm | maximo_asset_management | 7.1.1.10 | |
ibm | maximo_asset_management | 7.1.1.11 | |
ibm | maximo_asset_management | 7.1.1.12 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 | |
ibm | maximo_asset_management | 7.5.0.3 | |
ibm | maximo_asset_management | 7.5.0.4 | |
ibm | maximo_asset_management | 6.2 | |
ibm | maximo_asset_management | 6.2.1 | |
ibm | maximo_asset_management | 6.2.2 | |
ibm | maximo_asset_management | 6.2.3 | |
ibm | maximo_asset_management | 6.2.4 | |
ibm | maximo_asset_management | 6.2.5 | |
ibm | maximo_asset_management | 6.2.6 | |
ibm | maximo_asset_management | 6.2.6.1 | |
ibm | maximo_asset_management | 6.2.7 | |
ibm | maximo_asset_management | 6.2.8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ 
{ "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors." }, { "lang": "es", "value": "IBM Maximo Asset Management 6.2 hasta la versi\u00f3n 6.2.8, 7.1 hasta 7.1.1.12, y 7.5 anterior a la versi\u00f3n 7.5.0.5 permite a usuarios remotos autenticados evadir restricciones de acceso intencionadas a trav\u00e9s de vectores sin especificar." 
} ], "id": "CVE-2013-4027", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-10-01T11:14:44.047", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55068" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55070" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV43491" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86064" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV43491" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86064" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-27 16:15
Modified
2024-11-21 06:01
Severity ?
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201694.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/201694 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6484391 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/201694 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6484391 | Patch, Vendor Advisory |
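Impacted products (from the NVD CPE configuration; the summary also names 7.6.1, which has no CPE entry in this record)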
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_application_suite | 8.4 | |
ibm | maximo_asset_management | 7.6.0.0 | |
ibm | maximo_asset_management | 7.6.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_application_suite:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "F41112B7-EF72-42A6-883C-889B39DAE47C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201694." }, { "lang": "es", "value": "IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, conllevando potencialmente a una divulgaci\u00f3n de credenciales en una sesi\u00f3n confiable. IBM X-Force ID: 201694." 
} ], "id": "CVE-2021-29744", "lastModified": "2024-11-21T06:01:43.657", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-27T16:15:07.073", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201694" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6484391" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201694" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6484391" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-05-05 19:15
Modified
2025-01-29 16:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239436.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6.1.2 | |
ibm | maximo_asset_management | 7.6.1.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F9DA22B-5DD7-4551-AC7A-61949D246F5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B0279056-1BD2-4CD6-86BA-DDAA6AB53C6F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239436." } ], "id": "CVE-2022-43866", "lastModified": "2025-01-29T16:15:30.807", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", 
"integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2023-05-05T19:15:15.157", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239436" }, { "source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/6983534" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239436" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.ibm.com/support/pages/node/6983534" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "psirt@us.ibm.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2014-05-26 16:55
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via an attachment URL.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "9C548662-04F7-49DD-B4B4-8C6DDA5DF7AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "F43D0468-F9D7-40E5-A565-3EAA7FFEC10D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "250FC595-3DB0-4860-9FF1-AC0215A9D3C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "805706EB-A82E-465D-BB3F-33AD6415FB89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "5FDE55FC-2179-48D6-89B3-72783B313D66", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "396F80FF-BD2E-46A4-8A44-21CC35F42E12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "69534F90-265A-4313-951D-D0A52AEF9C1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "2E6C4892-87F1-4067-9624-3E1931C5EE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "E8D102E6-18FF-4BC7-83BC-77946101864C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1227364D-5BF3-4F7D-A4BA-22DE823A5C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "8506BB5F-F390-4981-A5D5-FAEF9F410172", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "A006BC3C-BD49-4D46-833E-BFE1ED3D0E24", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "0CC0184C-0593-4C37-AC63-5B09FD21B3B1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", 
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via an attachment URL." }, { "lang": "es", "value": "Vulnerabilidad de XSS en IBM Maximo Asset Management 7.x anterior a 7.1.1.8 LAFIX.20140319-0839 y 7.1.1.12 anterior a IFIX.20140321-1336 y Tivoli IT Asset Management For IT, Tivoli Service Request Manager, Maximo Service Desk y Change And Configuration Management Database (CCMDB) 7.x anterior a 7.1.1.8 LAFIX.20140319-0839 y 7.1.1.12 anterior a IFIX.20140218-1510 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL adjunta." 
} ], "id": "CVE-2014-0824", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-05-26T16:55:03.067", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV52829" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90500" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV52829" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90500" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-05-26 16:55
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "9C548662-04F7-49DD-B4B4-8C6DDA5DF7AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "805706EB-A82E-465D-BB3F-33AD6415FB89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"69534F90-265A-4313-951D-D0A52AEF9C1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": false }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287", "vulnerable": false }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1227364D-5BF3-4F7D-A4BA-22DE823A5C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "8506BB5F-F390-4981-A5D5-FAEF9F410172", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error." 
}, { "lang": "es", "value": "IBM Maximo Asset Management 7.x anterior a 7.1.1.7 LAFIX.20140319-0837 y 7.5.x anterior a 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 y Tivoli IT Asset Management For IT, Tivoli Service Request Manager, Maximo Service Desk y Change And Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 permite a usuarios remotos autenticados obtener informaci\u00f3n de traza de pila potencialmente sensible mediante la provocaci\u00f3n de un error Birt." } ], "id": "CVE-2013-6741", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-05-26T16:55:03.003", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV50316" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89857" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV50316" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89857" } ], 
"sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-03-13 03:12
Modified
2025-04-11 00:51
Severity ?
Summary
The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "5878EF6C-4C54-4BFB-A58A-DBBB96664E8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"68FF0043-7A28-4ECB-9888-6FB057A766B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "33DD3C44-B7B9-4FFF-8445-7C2C084F7DCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D4D3BE7-A7F0-431D-BB07-28DC94E8590F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "1A53DB8A-5966-4D70-A254-C098DB12B0B3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account." 
}, { "lang": "es", "value": "La opci\u00f3n \"About\" del men\u00fa de ayuda de IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1 y 7.5; IBM Tivoli Asset Management para IT 6.2, 7.1, y 7.2; IBM Tivoli Service Request Manager 7.1 y 7.2; IBM Maximo Service Desk 6.2; y IBM Tivoli Change y Configuration Management Database (CCMDB) 6.2, 7.1, y 7.2 muestra el nombre de usuario, lo que permite a atacantes remotos autenticados tener un impacto sin especificar a trav\u00e9s de un ataque dirigido a la cuenta de usuario correspondiente." } ], "id": "CVE-2011-4817", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-03-13T03:12:26.087", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/48299" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/48305" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09197" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/52333" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48299" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/48305" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09197" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52333" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72004" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-10-01 11:14
Modified
2025-04-11 00:51
Severity ?
Summary
IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 | |
ibm | maximo_asset_management | 7.5.0.3 | |
ibm | maximo_asset_management | 7.5.0.4 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management | 7.1.1.9 | |
ibm | maximo_asset_management | 7.1.1.10 | |
ibm | maximo_asset_management | 7.1.1.11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.1 anterior a la versi\u00f3n 7.1.1.12 y 7.5 anterior a 7.5.0.5 permite a usuarios remotos autenticados obtener privilegios a trav\u00e9s de vectores sin especificar." } ], "id": "CVE-2013-3047", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-10-01T11:14:43.703", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55068" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV35721" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84844" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV35721" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84844" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-03-13 03:12
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "5878EF6C-4C54-4BFB-A58A-DBBB96664E8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"68FF0043-7A28-4ECB-9888-6FB057A766B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "33DD3C44-B7B9-4FFF-8445-7C2C084F7DCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D4D3BE7-A7F0-431D-BB07-28DC94E8590F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "1A53DB8A-5966-4D70-A254-C098DB12B0B3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users." }, { "lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en la p\u00e1gina \"Labor Reporting\" de IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, y 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, y 7.2; IBM Tivoli Service Request Manager 7.1 y 7.2; IBM Maximo Service Desk 6.2; y IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, y 7.2 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios." 
} ], "id": "CVE-2011-1397", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-03-13T03:12:25.993", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/48299" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/48305" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09193" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/52333" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72000" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48299" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48305" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09193" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52333" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72000" } ], "sourceIdentifier": 
"cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | change_and_configuration_management_database | 6.0 | |
ibm | change_and_configuration_management_database | 7.0 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_service_desk | 6.2 | |
ibm | smartcloud_control_desk | 7.0 | |
ibm | tivoli_asset_management_for_it | 6.0 | |
ibm | tivoli_asset_management_for_it | 6.2 | |
ibm | tivoli_asset_management_for_it | 7.0 | |
ibm | tivoli_asset_management_for_it | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.2 | |
ibm | tivoli_service_request_manager | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.5, as 
used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en IBM Maximo Asset Management 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Gesti\u00f3n de Activos de TI de Tivoli, Tivoli Service Request, Informaci\u00f3n Maximo Service, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite a usuarios remotos autenticados ejecutar SQL arbitrario \u00f3rdenes a trav\u00e9s de vectores" } ], "id": "CVE-2012-0727", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-09-10T17:55:01.070", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17963" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17963" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74306" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-09 08:15
Modified
2024-11-21 07:11
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L (source: psirt@us.ibm.com, Secondary)
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (source: nvd@nist.gov, Primary)
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
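IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335. (The X-Force reference URLs listed below for this entry use ID 230635, so the seven-digit ID in this description appears to be a typo in the upstream record.)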
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/230635 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6852669 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/230635 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6852669 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_application_suite | 8.3 | |
ibm | maximo_application_suite | 8.4 | |
ibm | maximo_asset_management | 7.6.1.1 | |
ibm | maximo_asset_management | 7.6.1.2 | |
ibm | maximo_asset_management | 7.6.1.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_application_suite:8.3:*:*:*:*:*:*:*", "matchCriteriaId": "6EC549A8-8A0A-4849-884F-5B470BB41F14", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_application_suite:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "F41112B7-EF72-42A6-883C-889B39DAE47C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C5CE3F4-8ABE-4245-BD9E-8697B3E0171C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F9DA22B-5DD7-4551-AC7A-61949D246F5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B0279056-1BD2-4CD6-86BA-DDAA6AB53C6F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 y la aplicaci\u00f3n IBM Maximo Manage 8.3, 8.4 en IBM Maximo Application Suite son vulnerables a la inyecci\u00f3n CSV. ID de IBM X-Force: 2306335." 
} ], "id": "CVE-2022-35281", "lastModified": "2024-11-21T07:11:02.170", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 3.4, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-01-09T08:15:12.883", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230635" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6852669" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230635" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6852669" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-1236" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-11-30 11:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21988253 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/93871 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21988253 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93871 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 | |
ibm | maximo_asset_management | 7.5.0.3 | |
ibm | maximo_asset_management | 7.5.0.4 | |
ibm | maximo_asset_management | 7.5.0.5 | |
ibm | maximo_asset_management | 7.5.0.6 | |
ibm | maximo_asset_management | 7.5.0.7 | |
ibm | maximo_asset_management | 7.5.0.8 | |
ibm | maximo_asset_management | 7.5.0.9 | |
ibm | maximo_asset_management | 7.6.0.0 | |
ibm | maximo_asset_management | 7.6.0.1 | |
ibm | maximo_asset_management | 7.6.0.2 | |
ibm | maximo_asset_management | 7.6.0.3 | |
ibm | maximo_asset_management | 7.6.0.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "C47DB9B3-C8CD-45E9-9F53-617354F3A339", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7038EBF6-E527-492B-A6A5-14F9A2F79BDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "29858665-FA68-4EDE-A0E7-6C79E8786871", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de XSS en IBM Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.10 IF3 y 7.6 en versiones anteriores a 7.6.0.5 IF2 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2016-5905", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-11-30T11:59:26.187", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988253" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93871" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988253" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93871" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-03-13 03:12
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 6.2 | |
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.5 | |
ibm | maximo_asset_management_essentials | 6.2 | |
ibm | maximo_asset_management_essentials | 7.1 | |
ibm | maximo_asset_management_essentials | 7.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, y 7.5. Permiten a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro uisesionid de (1) maximo.jsp o (2) la URI por defecto bajo ui/." 
} ], "id": "CVE-2011-4819", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-03-13T03:12:26.167", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/48299" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09202" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/52333" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72008" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48299" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52333" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72008" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2015-0109)
Published
2015-02-18 02:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0108.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | change_and_configuration_management_database | 7.1 | |
ibm | change_and_configuration_management_database | 7.2 | |
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management_essentials | 7.1 | |
ibm | maximo_for_government | 7.1 | |
ibm | maximo_for_life_sciences | 7.1 | |
ibm | maximo_for_nuclear_power | 7.1 | |
ibm | maximo_for_oil_and_gas | 7.1 | |
ibm | maximo_for_transportation | 7.1 | |
ibm | maximo_for_utilities | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.2 | |
ibm | tivoli_service_request_manager | 7.1 | |
ibm | tivoli_service_request_manager | 7.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0108." 
}, { "lang": "es", "value": "Vulnerabilidad de XSS en IBM Maximo Asset Management 7.1 hasta 7.1.1.8, y Maximo Asset Management 7.1 hasta 7.1.1.8 y 7.2 para Tivoli IT Asset Management para IT y ciertos otros productos, permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de vectores no especificados, una vulnerabilidad diferente a CVE-2015-0104, CVE-2015-0107, y CVE-2015-0108." } ], "id": "CVE-2015-0109", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-02-18T02:59:01.423", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99606" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99606" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2013-4019)
Published
2013-10-01 11:14
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 before 7.1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 6.2 | |
ibm | maximo_asset_management | 6.2.1 | |
ibm | maximo_asset_management | 6.2.2 | |
ibm | maximo_asset_management | 6.2.3 | |
ibm | maximo_asset_management | 6.2.4 | |
ibm | maximo_asset_management | 6.2.5 | |
ibm | maximo_asset_management | 6.2.6 | |
ibm | maximo_asset_management | 6.2.6.1 | |
ibm | maximo_asset_management | 6.2.7 | |
ibm | maximo_asset_management | 6.2.8 | |
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management | 7.1.1.9 | |
ibm | maximo_asset_management | 7.1.1.10 | |
ibm | maximo_asset_management | 7.1.1.11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 before 7.1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." 
}, { "lang": "es", "value": "Vulnerabilidad de XSS en IBM Maximo Asset Management 6.2 hasta la versi\u00f3n 6.2.8 y 7.1 anterior a 7.1.1.12 permite a usuarios remotos autenticados inyectar script web arbitrario o HTML a trav\u00e9s de vectores sin especificar." } ], "id": "CVE-2013-4019", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-10-01T11:14:43.937", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55068" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55070" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV42664" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85796" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV42664" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/85796" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2018-2028)
Published
2019-06-06 01:29
Modified
2024-11-21 04:03
Severity ?
Summary
IBM Maximo Asset Management 7.6 could allow an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/155554 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10880145 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/155554 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10880145 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | control_desk | 7.6.0 | |
ibm | control_desk | 7.6.0.1 | |
ibm | maximo_asset_management | 7.6 | |
ibm | maximo_for_aviation | 7.6 | |
ibm | maximo_for_aviation | 7.6.1 | |
ibm | maximo_for_aviation | 7.6.2 | |
ibm | maximo_for_aviation | 7.6.2.1 | |
ibm | maximo_for_aviation | 7.6.3 | |
ibm | maximo_for_life_sciences | 7.6 | |
ibm | maximo_for_nuclear_power | 7.6.0 | |
ibm | maximo_for_oil_and_gas | 7.6.0 | |
ibm | maximo_for_transportation | 7.6.1 | |
ibm | maximo_for_transportation | 7.6.2 | |
ibm | maximo_for_transportation | 7.6.2.1 | |
ibm | maximo_for_transportation | 7.6.2.2 | |
ibm | maximo_for_transportation | 7.6.2.3 | |
ibm | maximo_for_transportation | 7.6.2.4 | |
ibm | maximo_for_utilities | 7.6 | |
ibm | smartcloud_control_desk | - | |
ibm | tivoli_integration_composer | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"FC8F88D5-A0A5-470F-8E8D-854274C8AEFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*", "matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*", "matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554." }, { "lang": "es", "value": "IBM Maximo Asset Management versi\u00f3n 7.6 podr\u00eda permitir que un usuario autenticado sustituya una p\u00e1gina de destino por un sitio de phishing, lo que permitir\u00eda al atacante obtener informaci\u00f3n muy confidencial. ID de IBM X-Force: 155554." 
} ], "id": "CVE-2018-2028", "lastModified": "2024-11-21T04:03:36.460", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-06-06T01:29:00.227", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155554" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880145" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155554" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880145" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-312" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2012-3326)
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | change_and_configuration_management_database | 6.0 | |
ibm | change_and_configuration_management_database | 7.0 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_service_desk | 6.2 | |
ibm | smartcloud_control_desk | 7.0 | |
ibm | tivoli_asset_management_for_it | 6.0 | |
ibm | tivoli_asset_management_for_it | 6.2 | |
ibm | tivoli_asset_management_for_it | 7.0 | |
ibm | tivoli_asset_management_for_it | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.2 | |
ibm | tivoli_service_request_manager | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset 
Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Tivoli Asset Management for IT, Tivoli Service Request, Informaci\u00f3n Maximo Service, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2012-3326", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-09-10T17:55:01.537", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20344" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77960" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/50551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20344" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77960" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-11-30 11:59
Modified
2025-04-12 10:46
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers construction of a runtime error message.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21990449 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/93511 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21990449 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93511 | Third Party Advisory, VDB Entry |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0265899D-68B5-4C15-997E-28F485D8B9D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "F919705D-1394-4443-BE46-117F41A38D87", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": 
"C47DB9B3-C8CD-45E9-9F53-617354F3A339", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7038EBF6-E527-492B-A6A5-14F9A2F79BDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "29858665-FA68-4EDE-A0E7-6C79E8786871", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers construction of a runtime error message." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5 en versiones anteriores a 7.5.0.10 IF4 y 7.6 en versiones anteriores a 7.6.0.5 IF3 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n HTTP manipulada que desencadena las construcci\u00f3n de un mensaje de error de tiempo de ejecuci\u00f3n." 
} ], "id": "CVE-2016-5987", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-11-30T11:59:27.297", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990449" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93511" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990449" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93511" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-02-17 01:59
Modified
2025-04-12 10:46
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "397FB717-6568-4037-8D7F-D31CF18E0782", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for 
SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.5.0 anterior a 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk, y Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y ciertos otros productos no manejan correctamente las acciones de cierre de sesi\u00f3n, lo que permite a atacantes remotos evadir las restricciones de acceso a Cognos BI Direct Integration mediante el aprovechamiento de un estaci\u00f3n de trabajo desatendida." } ], "evaluatorComment": "Per an \u003ca href=\"http://www-01.ibm.com/support/docview.wss?uid=swg21695597\"\u003eIBM Security Bulletin\u003c/a\u003e IBM identifies access vector as local", "id": "CVE-2014-6102", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-02-17T01:59:00.053", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597" }, { "source": "psirt@us.ibm.com", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/96141" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96141" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-30 17:15
Modified
2024-11-21 06:01
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201693.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/201693 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6484679 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/201693 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6484679 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_application_suite | * | |
ibm | maximo_asset_management | * | |
ibm | maximo_asset_management | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_application_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "01A07839-59FA-4622-9F6A-B5F7881B139F", "versionEndIncluding": "8.4", "versionStartIncluding": "8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "76C441DA-7C73-4E3C-BB49-4504767AA15B", "versionEndIncluding": "7.6.0.10", "versionStartIncluding": "7.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "2FBE1BB8-F5E8-4963-92C3-A4738CC9CA71", "versionEndIncluding": "7.6.1.2", "versionStartIncluding": "7.6.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201693." }, { "lang": "es", "value": "IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, es vulnerable a un ataque de tipo cross-site scripting almacenado. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista, conllevando potencialmente a una divulgaci\u00f3n de credenciales en una sesi\u00f3n confiable. IBM X-Force ID: 201693." 
} ], "id": "CVE-2021-29743", "lastModified": "2024-11-21T06:01:43.533", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-30T17:15:07.573", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201693" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6484679" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201693" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6484679" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-16 16:15
Modified
2024-11-21 05:32
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/179537 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6333091 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/179537 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6333091 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:control_desk:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA7D6830-74DA-4524-8177-54CB2667A54E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:control_desk:7.6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "CE7C8399-A024-45CE-A2CD-658A2D99ABDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "830412EF-C21D-4455-9396-06222B32F61E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "6B9EA821-8DC7-4D08-B516-CA8D0692DD29", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "31FDF238-C29E-4F15-AB54-C90226BC0A69", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_health_insights:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA8E3FBA-9DBB-487E-99AD-5E1119150D73", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_health_insights:7.6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B4989C34-4B4E-4E53-A13E-13667DCBB19D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "63D81A1F-4A22-4DAD-B5BE-EA825DF9C4CB", "versionEndExcluding": "7.6.1.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "DDD061C9-2D80-48CF-B660-68948B03F3C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "28402BF3-15EC-41F5-AD53-EC196CF3F345", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "81A99155-0D86-4998-AC74-2FECE3AF277F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"69E511EF-7DE6-42CA-848C-E0FF2D04AB19", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5021AA5-A4D4-4E5F-85A8-CFF038EBD9F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "B80B0192-3ECE-4B44-B060-F6CE54A744C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_calibration:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "768BB000-6ED2-4289-8BCA-66981EC95BB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_enterprise_adapter:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "A2A20FB3-C352-4F5C-BD5A-5814BBA837DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_enterprise_adapter:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8C2AB76-29C5-46BD-ABAD-37913D3A4675", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_equipment_maintenance_assistant:-:*:*:*:*:*:*:*", "matchCriteriaId": "FEED2F57-E98D-479E-8303-2188AFA0C70B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "4317DA0E-678D-468F-8BE4-8BA20C01C588", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "5DB202BE-FF6E-49AC-84FF-F454361E5D4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "C05DA047-26F7-413E-8259-5F88C08AE2B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "532219AE-9F4D-49B0-A625-A690C9E8A7DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "160EE7B0-4F54-41F7-9266-C22776783BA2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "19405179-FDEF-4207-B12F-C39D49B49F12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "9FBE6121-5166-4C7A-B4BA-4D5F46720EC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "F66129CF-729D-4120-912E-E8109CF1E237", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "1BDF6664-537E-4CF8-9CCA-7C4746DE9B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F416A57-7B00-411D-B2D5-5BCB434568DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "73EEADC8-01D0-4D80-83E4-1643603485CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7240562-D72E-4D3E-B392-3FB870320B60", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C32832CB-63FC-4F9E-81A4-3A8CE2F98319", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D23F86AC-2C39-42DC-83EF-3BA2DBF99A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_network_on_blockchain:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0E6CFC29-9FD2-4BE5-9A66-6FA6F94C0D7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_network_on_blockchain:7.6.0.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "9BC0DF05-9B84-45B8-924E-E4CB672F7C45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1D799591-F5D0-4B17-AE32-ABED616A65AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "095BBF20-1C8F-4FBC-8D72-3A3DB5A3F68F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F0B3B2C5-E8D0-48A1-9837-40A627D7E742", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8E59EA84-F607-404B-A392-7D68C5672B1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "21C989DE-2E87-4941-B0DA-9381964E2292", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537." 
}, { "lang": "es", "value": "IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, podr\u00edan permitir a un atacante remoto conducir ataques de phishing usando un ataque de tabnabbing.\u0026#xa0;Al persuadir a una v\u00edctima de visitar un sitio web especialmente dise\u00f1ado, un atacante remoto podr\u00eda explotar esta vulnerabilidad para redireccionar a un usuario a un sitio web malicioso que parecer\u00eda ser confiable.\u0026#xa0;Esto podr\u00eda permitir a un atacante obtener informaci\u00f3n altamente confidencial o conducir nuevos ataques contra la v\u00edctima.\u0026#xa0;IBM X-Force ID: 179537" } ], "id": "CVE-2020-4409", "lastModified": "2024-11-21T05:32:42.300", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 4.0, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": 
"NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-16T16:15:15.030", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179537" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6333091" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179537" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6333091" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-601" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-13 10:15
Modified
2025-01-14 20:10
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Maximo Application Suite 8.10 and 8.11 and IBM Maximo Asset Management 7.6.1.3 store sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, the referrer header, or browser history. IBM X-Force ID: 255075.
References
Impacted products
Vendor | Product | Version
---|---|---
ibm | maximo_application_suite | 8.10
ibm | maximo_application_suite | 8.11
ibm | maximo_asset_management | 7.6.1.3
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_application_suite:8.10:*:*:*:*:*:*:*", "matchCriteriaId": "DD9CA1C5-A903-4002-B9D3-430412676544", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_application_suite:8.11:*:*:*:*:*:*:*", "matchCriteriaId": "BB312A14-314B-4AD0-941C-A6AE1EC0D592", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B0279056-1BD2-4CD6-86BA-DDAA6AB53C6F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255075." }, { "lang": "es", "value": "IBM Maximo Application Suite 8.10, 8.11 e IBM Maximo Asset Management 7.6.1.3 almacenan informaci\u00f3n confidencial en par\u00e1metros de URL. Esto puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n si partes no autorizadas tienen acceso a las URL a trav\u00e9s de los registros del servidor, el encabezado de referencia o el historial del navegador. ID de IBM X-Force: 255075." 
} ], "id": "CVE-2023-32335", "lastModified": "2025-01-14T20:10:32.063", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-13T10:15:07.413", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266875" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7138684" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7138686" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266875" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7138684" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7138686" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-598" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-11-08 03:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended work-order change restrictions via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": 
"C47DB9B3-C8CD-45E9-9F53-617354F3A339", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF2DAEE6-344E-471D-9508-BD4360B5EB6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "71A8F3D1-C72D-497C-8167-23A128B4AC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"B47280A1-1E0C-4D58-AB28-4E85DFEB3081", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DDC7C333-43F0-45D0-8E51-8041474FE3F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4B254C76-DB68-4FED-9E5B-11B9B595418E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1CC6AD95-18E5-48D9-A962-85854E98FD14", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"0C7E5F34-0898-467E-A148-B14078C3239C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DB7549CF-96F8-4FB2-994E-17F49D946ADF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended work-order change restrictions via unspecified vectors." 
}, { "lang": "es", "value": "IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.8 IFIX005 y 7.6.0 en versiones anteriores a 7.6.0.2 FP002; Maximo Asset Management 7.5.0 en versiones anteriores a 7.5.0.8 IFIX005, 7.5.1 y 7.6.0 en versiones anteriores a 7.6.0.2 FP002 para SmartCloud Control Desk y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros productos permite a usuarios remotos autenticados eludir las restricciones destinadas al cambio de orden de trabajo a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2015-7395", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-11-08T03:59:00.117", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969072" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969072" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-10-06 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to obtain sensitive information by reading a (1) backup or (2) debug application file.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"B028794E-5FA0-4E3D-AC4D-A2826DD6282C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF2DAEE6-344E-471D-9508-BD4360B5EB6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "71A8F3D1-C72D-497C-8167-23A128B4AC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"B47280A1-1E0C-4D58-AB28-4E85DFEB3081", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DDC7C333-43F0-45D0-8E51-8041474FE3F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4B254C76-DB68-4FED-9E5B-11B9B595418E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1CC6AD95-18E5-48D9-A962-85854E98FD14", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"0C7E5F34-0898-467E-A148-B14078C3239C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DB7549CF-96F8-4FB2-994E-17F49D946ADF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to obtain sensitive information by reading a (1) backup or (2) debug application file." 
}, { "lang": "es", "value": "maximouiweb/webmodule/webclient/utility/merlin.jsp en IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.8 IFIX004 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x en versiones anteriores a 7.5.0.8 IFIX004 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX002 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management para IT y otros ciertos productos permite a usuarios remotos autenticados obtener informaci\u00f3n sensible mediante la lectura de un archivo de (1) respaldo o (2) aplicaci\u00f3n de depuraci\u00f3n." } ], "id": "CVE-2015-4965", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-10-06T01:59:11.360", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966194" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966194" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2018-1698
Vulnerability from fkie_nvd
Published
2018-09-13 15:29
Modified
2024-11-21 04:00
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Maximo Asset Management 7.6 through 7.6.3 could allow an unauthenticated attacker to obtain sensitive information from error messages. IBM X-Force ID: 145967.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securityfocus.com/bid/105343 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/145967 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10728857 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105343 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/145967 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10728857 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "12CF50F5-F353-40DF-B3BB-ADC75971D265", "versionEndIncluding": "7.6.3", "versionStartIncluding": "7.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 through 7.6.3 could allow an unauthenticated attacker to obtain sensitive information from error messages. IBM X-Force ID: 145967." }, { "lang": "es", "value": "IBM Maximo Asset Management, desde la versi\u00f3n 7.6 hasta la 7.6.3, podr\u00eda permitir que un usuario no autenticado obtenga informaci\u00f3n sensible de los mensajes de error. IBM X-Force ID: 145967." } ], "id": "CVE-2018-1698", "lastModified": "2024-11-21T04:00:13.247", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": 
"NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-09-13T15:29:00.263", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105343" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145967" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10728857" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105343" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145967" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10728857" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2015-7448
Vulnerability from fkie_nvd
Published
2016-03-12 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C1CC8BE0-5DFD-4D51-8C14-333596151E54", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "59D13A5E-AC99-4632-8987-2C1CC3AC9376", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6A0C5995-8850-4AFE-9008-8ED3DE17E2F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "92B6F032-D50D-43C3-ADF2-C67FAD74A58D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "E3C5BFF2-8361-485D-9DE5-80323EFAFFB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "0E8194D6-55CE-4760-8F27-4990FFA32F54", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "29A7E369-EBBD-4456-AE47-712CB273F40A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF4B91AA-C45B-42F8-A7AC-D64DE66B5AA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "69D30DA9-2096-421C-AEE3-EA83D2AA5996", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3F13CF56-5007-413D-A936-B3667E0051D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "019C8B6D-0669-447E-9EB3-F6A9B42797FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "C9956DF3-70A3-49CD-9145-B0C880D3DACD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "BC336DAB-A3DE-48B7-AC32-89F46F21887B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"804A2AD3-94FB-4085-AE08-F7120EDDEFFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "C47DB9B3-C8CD-45E9-9F53-617354F3A339", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7038EBF6-E527-492B-A6A5-14F9A2F79BDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "7197C12C-5CD7-4F7D-8B38-F792FAABC1FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "1EE096D4-40A8-4FD8-905C-3B13476BF748", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "1E369397-1BC9-42E3-94AB-1CDB01D4838C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "56F90E1F-C0A0-4D6C-A497-9CC3AAF9ECB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8DE37A22-D39D-4B80-BD3B-31009824126B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1ECDC62-A636-4DB4-9C1B-B52722631DE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "7FBE3268-230C-4B1A-B0D9-21B0158EE10F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E1297463-A52F-4657-A8D0-366B34C6534E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "926B2AE3-B65D-4A36-8B0D-4B0EB42D99A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "26E20654-F96C-4753-85F3-5D956F433D5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "C3795A39-8488-4F09-A7B5-600D4F8E7FD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F0773CDA-CE18-4717-9C12-8CFD8848EEBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D874CE6A-1885-4EB7-B77E-3D22C208E55B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0A2CEE0F-EF29-4D41-8E74-0538CAF9D612", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "7BA87EC4-0CBB-4173-BA0B-DD633D271442", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C6442C6D-E74B-47A0-9701-5461F651976F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F82E2804-9085-45AA-A97E-974CE652DF1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B5543E50-0B54-405B-A10A-06A08FF9E0C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"55A421E5-F65D-459D-87E3-6398D587F8C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBD13DA8-00F5-43CE-BBAE-EB7DE0E46F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "5E3DB206-074F-4533-B466-CB73883FA8AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "F976949C-D8C6-4567-ADC4-E5C14D0D7C31", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "54B1037D-F4D1-4CD6-BBD7-6E72EB4A1620", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "EF1F14EE-6B26-427D-8FFB-94EC042C0FBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC2697AF-D5A6-470D-9031-8677BBB20EAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "5680D2FE-5D9F-4DB6-9D5B-48A425CD7014", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "89B0CE60-ABE6-44BA-95BA-13977D244963", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "085C1DEF-0B4B-4070-A665-1382AAD04BBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "46F0397C-8B0C-49CD-BBB7-F9286EAFD8C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DCDD59E9-2CC7-459B-B6C9-9EEFB92FCBAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D6FDA27E-6933-4346-9DF3-BD0387192FD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "1EDBC180-B618-49A3-824F-B4DDF119FD69", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "25D37ADF-49A6-4EF6-9B69-5EC83DB54CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "E81B34B0-D451-4B33-8F81-36718998C857", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0B1F47F9-4D3D-439A-BEE8-F270C9BA7B71", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "87F7EA33-B49A-4283-8A00-9B629508143E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2633424C-ACB6-4AE0-AA25-CAE343C88359", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8CE4D7F1-66CF-466E-8747-68AA3D23E03A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A5683C1E-AEF4-40FF-9069-7391C0BEA343", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "C0EDB633-C4B8-4770-9B16-94F106C639A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "2F2396D4-D367-4811-AD7C-8B8FEE42B008", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "92A3FD84-9497-47B7-8B9C-15DEEF5267F5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to 
execute arbitrary SQL commands via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.9 IFIX003 y 7.6.0 en versiones anteriores a 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 en versiones anteriores a 7.5.0.9 IFIX003, 7.5.1 y 7.6.0 en versiones anteriores a 7.6.0.3 IFIX001 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros determinados productos permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2015-7448", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-03-12T15:59:01.430", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974938" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974938" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-06-08 21:29
Modified
2025-04-20 01:37
Severity ?
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have access to view.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21996255 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/97369 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/119039 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21996255 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97369 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/119039 | VDB Entry, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.5 | |
ibm | maximo_asset_management | 7.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have access to view." }, { "lang": "es", "value": "Maximo Asset Management versiones 7.1, 7.5 y 7.6 de IBM, podr\u00eda permitir a un usuario autenticado visualizar un conjunto de elementos inapropiados que no deber\u00edan tener acceso para visualizaci\u00f3n." 
} ], "id": "CVE-2016-8987", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-08T21:29:00.503", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21996255" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97369" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119039" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21996255" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor 
Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119039" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-01-02 21:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.5 | |
ibm | maximo_asset_management | 7.6 | |
ibm | maximo_asset_management_essentials | 7.5 | |
ibm | maximo_for_government | 7.5 | |
ibm | maximo_for_life_sciences | 7.5 | |
ibm | maximo_for_life_sciences | 7.6 | |
ibm | maximo_for_nuclear_power | 7.5 | |
ibm | maximo_for_oil_and_gas | 7.5 | |
ibm | maximo_for_transportation | 7.5 | |
ibm | maximo_for_utilities | 7.5 | |
ibm | smartcloud_control_desk | 7.5 | |
ibm | smartcloud_control_desk | 7.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": 
"en", "value": "IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.9 FP9 y 7.6 en versiones anteriores a 7.6.0.3 FP3 y Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.9 FP9, 7.5.1 y 7.6 en versiones anteriores a 7.6.0.3 FP3 para SmartCloud Control Desk permite a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s de la API REST." } ], "id": "CVE-2015-7452", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-01-02T21:59:16.927", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972463" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972463" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-10-01 11:14
Modified
2025-04-11 00:51
Severity ?
Summary
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to conduct unspecified file-inclusion attacks via unknown vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 | |
ibm | maximo_asset_management | 7.5.0.3 | |
ibm | maximo_asset_management | 7.5.0.4 | |
ibm | maximo_asset_management | 6.2 | |
ibm | maximo_asset_management | 6.2.1 | |
ibm | maximo_asset_management | 6.2.2 | |
ibm | maximo_asset_management | 6.2.3 | |
ibm | maximo_asset_management | 6.2.4 | |
ibm | maximo_asset_management | 6.2.5 | |
ibm | maximo_asset_management | 6.2.6 | |
ibm | maximo_asset_management | 6.2.6.1 | |
ibm | maximo_asset_management | 6.2.7 | |
ibm | maximo_asset_management | 6.2.8 | |
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management | 7.1.1.9 | |
ibm | maximo_asset_management | 7.1.1.10 | |
ibm | maximo_asset_management | 7.1.1.11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to conduct unspecified file-inclusion attacks via unknown vectors." }, { "lang": "es", "value": "IBM Maximo Asset Management 6.2 hasta la versi\u00f3n 6.2.8, 7.1 anterior a 7.1.1.12, y 7.5 anterior a la versi\u00f3n 7.5.0.5 permite a usuarios remotos autenticados llevar a cabo ataques de inclusi\u00f3n de ficheros sin especificar a trav\u00e9s de vectores desconocidos." } ], "id": "CVE-2013-4021", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-10-01T11:14:44.017", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55068" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55070" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV42816" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85826" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV42816" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85826" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | change_and_configuration_management_database | 6.0 | |
ibm | change_and_configuration_management_database | 7.0 | |
ibm | maximo_asset_management | 7.1.0.0 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_service_desk | 6.2 | |
ibm | smartcloud_control_desk | 7.0 | |
ibm | tivoli_asset_management_for_it | 6.0 | |
ibm | tivoli_asset_management_for_it | 6.2 | |
ibm | tivoli_asset_management_for_it | 7.0 | |
ibm | tivoli_asset_management_for_it | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.2 | |
ibm | tivoli_service_request_manager | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0265899D-68B5-4C15-997E-28F485D8B9D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": true } ], "negate": 
false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en IBM Maximo Asset Management 7.1 a 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Gesti\u00f3n de Activos de TI de Tivoli, Tivoli Service Request, M\u00e1ximo Service Desk, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2012-0728", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-09-10T17:55:01.147", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17964" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "psirt@us.ibm.com", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/74307" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17964" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74307" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | change_and_configuration_management_database | 6.0 | |
ibm | change_and_configuration_management_database | 7.0 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_service_desk | 6.2 | |
ibm | smartcloud_control_desk | 7.0 | |
ibm | tivoli_asset_management_for_it | 6.0 | |
ibm | tivoli_asset_management_for_it | 6.2 | |
ibm | tivoli_asset_management_for_it | 7.0 | |
ibm | tivoli_asset_management_for_it | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.2 | |
ibm | tivoli_service_request_manager | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset 
Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Tivoli Asset Management for IT, Tivoli Service Request, Informaci\u00f3n Maximo Service, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite remoto autenticado usuarios de inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2012-0746", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-09-10T17:55:01.273", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17961" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74726" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" 
], "url": "http://secunia.com/advisories/50551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17961" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74726" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-04-17 14:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Maximo Asset Management 7.6 could allow an authenticated user to perform actions they are not authorized to perform by modifying request parameters. IBM X-Force ID: 163490.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/163490 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6190215 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/163490 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6190215 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:control_desk:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA7D6830-74DA-4524-8177-54CB2667A54E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:control_desk:7.6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "CE7C8399-A024-45CE-A2CD-658A2D99ABDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "830412EF-C21D-4455-9396-06222B32F61E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "6B9EA821-8DC7-4D08-B516-CA8D0692DD29", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "31FDF238-C29E-4F15-AB54-C90226BC0A69", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_health_insights:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA8E3FBA-9DBB-487E-99AD-5E1119150D73", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_health_insights:7.6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B4989C34-4B4E-4E53-A13E-13667DCBB19D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E0CA9420-81DA-46BA-9E9D-839E226C868F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "30EAD1D0-E949-488E-81BE-0C49C0E93757", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C5CE3F4-8ABE-4245-BD9E-8697B3E0171C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "DDD061C9-2D80-48CF-B660-68948B03F3C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "28402BF3-15EC-41F5-AD53-EC196CF3F345", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "81A99155-0D86-4998-AC74-2FECE3AF277F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "69E511EF-7DE6-42CA-848C-E0FF2D04AB19", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5021AA5-A4D4-4E5F-85A8-CFF038EBD9F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "B80B0192-3ECE-4B44-B060-F6CE54A744C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_calibration:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "768BB000-6ED2-4289-8BCA-66981EC95BB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_enterprise_adapter:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "A2A20FB3-C352-4F5C-BD5A-5814BBA837DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_enterprise_adapter:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8C2AB76-29C5-46BD-ABAD-37913D3A4675", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_equipment_maintenance_assistant_on-premises:-:*:*:*:*:*:*:*", "matchCriteriaId": "28507169-71F2-4F97-BC1D-3A7935290762", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "4317DA0E-678D-468F-8BE4-8BA20C01C588", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "5DB202BE-FF6E-49AC-84FF-F454361E5D4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "C05DA047-26F7-413E-8259-5F88C08AE2B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "532219AE-9F4D-49B0-A625-A690C9E8A7DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "160EE7B0-4F54-41F7-9266-C22776783BA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "19405179-FDEF-4207-B12F-C39D49B49F12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "9FBE6121-5166-4C7A-B4BA-4D5F46720EC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "F66129CF-729D-4120-912E-E8109CF1E237", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "1BDF6664-537E-4CF8-9CCA-7C4746DE9B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F416A57-7B00-411D-B2D5-5BCB434568DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "73EEADC8-01D0-4D80-83E4-1643603485CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "45C84F5F-C612-4A0A-AD91-A4335496E934", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C32832CB-63FC-4F9E-81A4-3A8CE2F98319", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D23F86AC-2C39-42DC-83EF-3BA2DBF99A1A", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:ibm:maximo_network_on_blockchain:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0E6CFC29-9FD2-4BE5-9A66-6FA6F94C0D7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_network_on_blockchain:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9BC0DF05-9B84-45B8-924E-E4CB672F7C45", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "21C989DE-2E87-4941-B0DA-9381964E2292", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490." }, { "lang": "es", "value": "IBM Maximo Asset Management versi\u00f3n 7.6, podr\u00eda permitir a un usuario autentificado realizar acciones a las que no est\u00e1 autorizado al modificar los par\u00e1metros de petici\u00f3n. IBM X-Force ID: 163490." 
} ], "id": "CVE-2019-4446", "lastModified": "2024-11-21T04:43:37.023", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-04-17T14:15:17.507", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163490" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6190215" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163490" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6190215" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-06-06 01:29
Modified
2024-11-21 04:43
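Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N (nvd@nist.gov, Primary)
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N (psirt@us.ibm.com, Secondary)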
Summary
IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/156565 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10880149 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/156565 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10880149 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | control_desk | 7.6.0 | |
ibm | control_desk | 7.6.0.1 | |
ibm | maximo_asset_management | 7.6 | |
ibm | maximo_for_aviation | 7.6 | |
ibm | maximo_for_aviation | 7.6.1 | |
ibm | maximo_for_aviation | 7.6.2 | |
ibm | maximo_for_aviation | 7.6.2.1 | |
ibm | maximo_for_aviation | 7.6.3 | |
ibm | maximo_for_life_sciences | 7.6 | |
ibm | maximo_for_nuclear_power | 7.6.0 | |
ibm | maximo_for_oil_and_gas | 7.6.0 | |
ibm | maximo_for_transportation | 7.6.1 | |
ibm | maximo_for_transportation | 7.6.2 | |
ibm | maximo_for_transportation | 7.6.2.1 | |
ibm | maximo_for_transportation | 7.6.2.2 | |
ibm | maximo_for_transportation | 7.6.2.3 | |
ibm | maximo_for_transportation | 7.6.2.4 | |
ibm | maximo_for_utilities | 7.6 | |
ibm | smartcloud_control_desk | - | |
ibm | tivoli_integration_composer | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"FC8F88D5-A0A5-470F-8E8D-854274C8AEFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*", "matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*", "matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 Work Centers\u0027 application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565." }, { "lang": "es", "value": "La aplicaci\u00f3n Work Center de IBM Maximo Asset Management versi\u00f3n 7.6 no comprueba el tipo de archivo en la carga, lo que permite a los atacantes cargar archivos maliciosos. ID de IBM X-Force: 156565." 
} ], "id": "CVE-2019-4056", "lastModified": "2024-11-21T04:43:05.943", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-06-06T01:29:00.337", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156565" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880149" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156565" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880149" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-434" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-10-01 11:14
Modified
2025-04-11 00:51
Severity ?
4.0 (Medium) - AV:N/AC:L/Au:S/C:P/I:N/A:N (CVSS 2.0; nvd@nist.gov, Primary)
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3971.
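References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://secunia.com/advisories/55068 | | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IV37599 | Vendor Advisory | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21651085 | Vendor Advisory | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/84847 | | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/55068 | | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IV37599 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21651085 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/84847 | |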
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management | 7.1.1.9 | |
ibm | maximo_asset_management | 7.1.1.10 | |
ibm | maximo_asset_management | 7.1.1.11 | |
ibm | maximo_asset_management | 7.1.1.12 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 | |
ibm | maximo_asset_management | 7.5.0.3 | |
ibm | maximo_asset_management | 7.5.0.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ 
{ "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3971." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.12 y 7.5 anterior a 7.5.0.5 permite a usuarios remotos autenticados evitar restricciones de acceso intencionadas a trav\u00e9s de vectores sin especificar, una vulnerabilidad diferente a CVE-2013-3971." 
} ], "id": "CVE-2013-3049", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-10-01T11:14:43.750", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55068" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV37599" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84847" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV37599" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84847" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-02-02 02:15
Modified
2024-11-21 08:03
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N (psirt@us.ibm.com, Secondary)
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (nvd@nist.gov, Primary)
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: 255073.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/255073 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7112388 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/255073 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7112388 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6.1.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B0279056-1BD2-4CD6-86BA-DDAA6AB53C6F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: 255073." }, { "lang": "es", "value": "IBM Maximo Asset Management versi\u00f3n 7.6.1.3 podr\u00eda permitir que un atacante remoto inicie sesi\u00f3n en el panel de administraci\u00f3n debido a controles de acceso inadecuados. ID de IBM X-Force: 255073." } ], "id": "CVE-2023-32333", "lastModified": "2024-11-21T08:03:08.050", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-02-02T02:15:16.323", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/255073" }, { "source": "psirt@us.ibm.com", "tags": [ 
"Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7112388" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/255073" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7112388" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-09 16:15
Modified
2024-11-21 04:43
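Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (nvd@nist.gov, Primary)
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (psirt@us.ibm.com, Secondary)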
Summary
IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/164554 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1075413 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/164554 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1075413 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6.1.1 | |
ibm | control_desk | 7.6.0 | |
ibm | control_desk | 7.6.0.1 | |
ibm | maximo_for_aviation | 7.6 | |
ibm | maximo_for_aviation | 7.6.1 | |
ibm | maximo_for_aviation | 7.6.2 | |
ibm | maximo_for_aviation | 7.6.2.1 | |
ibm | maximo_for_aviation | 7.6.3 | |
ibm | maximo_for_life_sciences | 7.6 | |
ibm | maximo_for_nuclear_power | 7.6.0 | |
ibm | maximo_for_oil_and_gas | 7.6.0 | |
ibm | maximo_for_transportation | 7.6.1 | |
ibm | maximo_for_transportation | 7.6.2 | |
ibm | maximo_for_transportation | 7.6.2.1 | |
ibm | maximo_for_transportation | 7.6.2.2 | |
ibm | maximo_for_transportation | 7.6.2.3 | |
ibm | maximo_for_transportation | 7.6.2.4 | |
ibm | maximo_for_utilities | 7.6 | |
ibm | smartcloud_control_desk | - | |
ibm | tivoli_integration_composer | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C5CE3F4-8ABE-4245-BD9E-8697B3E0171C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*", "matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*", "matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554." }, { "lang": "es", "value": "IBM Maximo Asset Management versi\u00f3n 7.6.1.1, genera un mensaje de error que incluye informaci\u00f3n confidencial que podr\u00eda ser usada en futuros ataques contra el sistema. ID de IBM X-Force: 164554." 
} ], "id": "CVE-2019-4512", "lastModified": "2024-11-21T04:43:40.713", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-09T16:15:16.267", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1075413" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1075413" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-209" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-12-05 17:29
Modified
2024-11-21 04:00
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Maximo Asset Management 7.6 could allow an authenticated user to enumerate usernames using a specially crafted HTTP request. IBM X-Force ID: 145966.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/145966 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10737457 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/145966 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10737457 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 could allow an authenticated user to enumerate usernames using a specially crafted HTTP request. IBM X-Force ID: 145966." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.6 podr\u00eda permitir que un usuario autenticado enumere nombres de usuario mediante una petici\u00f3n HTTP especialmente manipulada. IBM X-Force ID: 145966." } ], "id": "CVE-2018-1697", "lastModified": "2024-11-21T04:00:13.130", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", 
"integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-05T17:29:00.490", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145966" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10737457" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145966" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10737457" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to obtain sensitive information via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | change_and_configuration_management_database | 6.0 | |
ibm | change_and_configuration_management_database | 7.0 | |
ibm | maximo_asset_management | 6.2.0.0 | |
ibm | maximo_asset_management | 7.1.0.0 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_service_desk | 6.2 | |
ibm | smartcloud_control_desk | 7.0 | |
ibm | tivoli_asset_management_for_it | 6.0 | |
ibm | tivoli_asset_management_for_it | 6.2 | |
ibm | tivoli_asset_management_for_it | 7.0 | |
ibm | tivoli_asset_management_for_it | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.2 | |
ibm | tivoli_service_request_manager | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "789E00F7-D6CD-4F8C-B785-CB17DB11AEDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0265899D-68B5-4C15-997E-28F485D8B9D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to obtain sensitive information via unspecified vectors." }, { "lang": "es", "value": "IBM Maximo Asset Management 6.2 a 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Gesti\u00f3n de Activos de TI de Tivoli, Tivoli Service Request, Informaci\u00f3n Maximo Service, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite a usuarios remotos autenticados para obtener informaci\u00f3n sensible a trav\u00e9s indeterminado vectores." } ], "id": "CVE-2012-2185", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-09-10T17:55:01.460", "references": [ { "source": "psirt@us.ibm.com", "url": "http://osvdb.org/85183" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17942" }, { "source": 
"psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75784" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/85183" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17942" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75784" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-05-26 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information, which could be used in further attacks against the system. IBM X-Force ID: 125153.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22003414 | Patch, Vendor Advisory | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/125153 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22003414 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/125153 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.5 | |
ibm | maximo_asset_management | 7.6 | |
ibm | maximo_asset_management_essentials | 7.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153." }, { "lang": "es", "value": "Las versiones 7.5 y 7.6 de IBM Maximo Asset Management generan mensajes de error que podr\u00edan revelar informaci\u00f3n sensible para futuros ataques contra el sistema. IBM X-Force ID: 125153." 
} ], "id": "CVE-2017-1292", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-05-26T16:29:00.210", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22003414" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22003414" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125153" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-10-01 11:14
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 through 7.1.1.12 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 6.2 | |
ibm | maximo_asset_management | 6.2.1 | |
ibm | maximo_asset_management | 6.2.2 | |
ibm | maximo_asset_management | 6.2.3 | |
ibm | maximo_asset_management | 6.2.4 | |
ibm | maximo_asset_management | 6.2.5 | |
ibm | maximo_asset_management | 6.2.6 | |
ibm | maximo_asset_management | 6.2.6.1 | |
ibm | maximo_asset_management | 6.2.7 | |
ibm | maximo_asset_management | 6.2.8 | |
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management | 7.1.1.9 | |
ibm | maximo_asset_management | 7.1.1.10 | |
ibm | maximo_asset_management | 7.1.1.11 | |
ibm | maximo_asset_management | 7.1.1.12 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 through 7.1.1.12 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." 
}, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en IBM Maximo Asset Management 6.2 hasta la versi\u00f3n 6.2.8 y 7.1 hasta la versi\u00f3n 7.1.1.12 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores sin especificar." } ], "id": "CVE-2013-0451", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-10-01T11:14:43.670", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55068" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55070" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV24726" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80967" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV24726" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80967" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-01-19 03:15
Modified
2025-08-18 17:56
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7174820 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6.1.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B0279056-1BD2-4CD6-86BA-DDAA6AB53C6F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system." }, { "lang": "es", "value": "La API MXAPIASSET de IBM Maximo 7.6.1.3 podr\u00eda permitir que un atacante remoto recorra directorios en sistema. Un atacante podr\u00eda enviar una solicitud de URL manipulado especial que contenga secuencias de \"punto punto\" (/../) para ver archivos arbitrarios en el directorio sistema." } ], "id": "CVE-2024-45652", "lastModified": "2025-08-18T17:56:48.057", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-01-19T03:15:06.647", "references": [ { "source": "psirt@us.ibm.com", 
"tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7174820" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-04-17 14:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/170880 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6191583 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/170880 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6191583 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:control_desk:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA7D6830-74DA-4524-8177-54CB2667A54E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:control_desk:7.6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "CE7C8399-A024-45CE-A2CD-658A2D99ABDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "830412EF-C21D-4455-9396-06222B32F61E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "6B9EA821-8DC7-4D08-B516-CA8D0692DD29", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "31FDF238-C29E-4F15-AB54-C90226BC0A69", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_health_insights:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA8E3FBA-9DBB-487E-99AD-5E1119150D73", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_health_insights:7.6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B4989C34-4B4E-4E53-A13E-13667DCBB19D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C5CE3F4-8ABE-4245-BD9E-8697B3E0171C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "DDD061C9-2D80-48CF-B660-68948B03F3C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "28402BF3-15EC-41F5-AD53-EC196CF3F345", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "81A99155-0D86-4998-AC74-2FECE3AF277F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "69E511EF-7DE6-42CA-848C-E0FF2D04AB19", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5021AA5-A4D4-4E5F-85A8-CFF038EBD9F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "B80B0192-3ECE-4B44-B060-F6CE54A744C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_calibration:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "768BB000-6ED2-4289-8BCA-66981EC95BB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_enterprise_adapter:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "A2A20FB3-C352-4F5C-BD5A-5814BBA837DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_enterprise_adapter:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8C2AB76-29C5-46BD-ABAD-37913D3A4675", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_equipment_maintenance_assistant:-:*:*:*:*:*:*:*", "matchCriteriaId": "FEED2F57-E98D-479E-8303-2188AFA0C70B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "4317DA0E-678D-468F-8BE4-8BA20C01C588", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "5DB202BE-FF6E-49AC-84FF-F454361E5D4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "C05DA047-26F7-413E-8259-5F88C08AE2B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "532219AE-9F4D-49B0-A625-A690C9E8A7DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "160EE7B0-4F54-41F7-9266-C22776783BA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "19405179-FDEF-4207-B12F-C39D49B49F12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "9FBE6121-5166-4C7A-B4BA-4D5F46720EC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "F66129CF-729D-4120-912E-E8109CF1E237", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "1BDF6664-537E-4CF8-9CCA-7C4746DE9B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F416A57-7B00-411D-B2D5-5BCB434568DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "73EEADC8-01D0-4D80-83E4-1643603485CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "45C84F5F-C612-4A0A-AD91-A4335496E934", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C32832CB-63FC-4F9E-81A4-3A8CE2F98319", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D23F86AC-2C39-42DC-83EF-3BA2DBF99A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_network_on_blockchain:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0E6CFC29-9FD2-4BE5-9A66-6FA6F94C0D7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_network_on_blockchain:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9BC0DF05-9B84-45B8-924E-E4CB672F7C45", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1D799591-F5D0-4B17-AE32-ABED616A65AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "095BBF20-1C8F-4FBC-8D72-3A3DB5A3F68F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F0B3B2C5-E8D0-48A1-9837-40A627D7E742", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8E59EA84-F607-404B-A392-7D68C5672B1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "21C989DE-2E87-4941-B0DA-9381964E2292", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880." }, { "lang": "es", "value": "IBM Maximo Asset Management versi\u00f3n 7.6, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista, conllevando a una divulgaci\u00f3n de credenciales en una sesi\u00f3n confiable. IBM X-Force ID: 170880." 
} ], "id": "CVE-2019-4644", "lastModified": "2024-11-21T04:43:54.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-04-17T14:15:17.833", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170880" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6191583" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170880" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6191583" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-11-28 16:29
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143497.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securityfocus.com/bid/106125 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/143497 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10741821 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106125 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/143497 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10741821 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143497." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.6 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 143497." } ], "id": "CVE-2018-1584", "lastModified": "2024-11-21T04:00:02.590", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", 
"version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-11-28T16:29:00.437", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106125" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143497" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10741821" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106125" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143497" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10741821" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-06-19 14:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 161680.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securityfocus.com/bid/108910 | Broken Link, Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/161680 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10887557 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108910 | Broken Link, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/161680 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10887557 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6 | |
ibm | control_desk | 7.6.0 | |
ibm | control_desk | 7.6.0.1 | |
ibm | maximo_for_aviation | 7.6 | |
ibm | maximo_for_aviation | 7.6.1 | |
ibm | maximo_for_aviation | 7.6.2 | |
ibm | maximo_for_aviation | 7.6.2.1 | |
ibm | maximo_for_aviation | 7.6.3 | |
ibm | maximo_for_life_sciences | 7.6 | |
ibm | maximo_for_nuclear_power | 7.6.0 | |
ibm | maximo_for_oil_and_gas | 7.6.0 | |
ibm | maximo_for_transportation | 7.6.1 | |
ibm | maximo_for_transportation | 7.6.2 | |
ibm | maximo_for_transportation | 7.6.2.1 | |
ibm | maximo_for_transportation | 7.6.2.2 | |
ibm | maximo_for_transportation | 7.6.2.3 | |
ibm | maximo_for_transportation | 7.6.2.4 | |
ibm | maximo_for_utilities | 7.6 | |
ibm | smartcloud_control_desk | - | |
ibm | tivoli_integration_composer | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*", "matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*", "matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680." }, { "lang": "es", "value": "IBM Maximo Asset Management versi\u00f3n 7.6 es vulnerable a la inyecci\u00f3n de CSV, lo que podr\u00eda permitir que un atacante remoto autenticado ejecute comandos arbitrarios en el sistema. ID de IBM X-Force: 161680." 
} ], "id": "CVE-2019-4364", "lastModified": "2024-11-21T04:43:30.613", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.1, "impactScore": 3.4, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-06-19T14:15:11.020", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/108910" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680" }, { "source": 
"psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/108910" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-1236" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | change_and_configuration_management_database | 6.0 | |
ibm | change_and_configuration_management_database | 7.0 | |
ibm | maximo_asset_management | 6.2.0.0 | |
ibm | maximo_asset_management | 7.1.0.0 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_service_desk | 6.2 | |
ibm | smartcloud_control_desk | 7.0 | |
ibm | tivoli_asset_management_for_it | 6.0 | |
ibm | tivoli_asset_management_for_it | 6.2 | |
ibm | tivoli_asset_management_for_it | 7.0 | |
ibm | tivoli_asset_management_for_it | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.2 | |
ibm | tivoli_service_request_manager | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "789E00F7-D6CD-4F8C-B785-CB17DB11AEDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0265899D-68B5-4C15-997E-28F485D8B9D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en IBM Maximo Asset Management 6.2 a 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Gesti\u00f3n de Activos de TI de Tivoli, Tivoli Service Request, M\u00e1ximo Service Desk, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2012-0747", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-09-10T17:55:01.320", "references": [ { "source": "psirt@us.ibm.com", "url": "http://osvdb.org/85186" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16032" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74731" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/85186" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16032" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74731" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-05-26 16:55
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in customreport.jsp in IBM Maximo Asset Management 7.5.x before 7.5.0.5 IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 | |
ibm | maximo_asset_management | 7.5.0.3 | |
ibm | maximo_asset_management | 7.5.0.4 | |
ibm | maximo_asset_management | 7.5.0.5 | |
ibm | smartcloud_control_desk | 7.0 | |
ibm | smartcloud_control_desk | 7.5 | |
ibm | smartcloud_control_desk | 7.5.0.0 | |
ibm | smartcloud_control_desk | 7.5.0.1 | |
ibm | smartcloud_control_desk | 7.5.0.2 | |
ibm | smartcloud_control_desk | 7.5.0.3 | |
ibm | smartcloud_control_desk | 7.5.0.5 | |
ibm | smartcloud_control_desk | 7.5.1.0 | |
ibm | smartcloud_control_desk | 7.5.1.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "397FB717-6568-4037-8D7F-D31CF18E0782", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in customreport.jsp in IBM Maximo Asset Management 7.5.x before 7.5.0.5 IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified parameters." }, { "lang": "es", "value": "Vulnerabilidad de XSS en customreport.jsp en IBM Maximo Asset Management 7.5.x anterior a 7.5.0.5 IFIX006 y SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de par\u00e1metros no especificados." 
} ], "id": "CVE-2014-0893", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-05-26T16:55:03.253", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV55019" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91287" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV55019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91287" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-02-22 19:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138821.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22013796 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/103169 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/138821 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22013796 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103169 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/138821 | VDB Entry, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6.0.5 | |
ibm | maximo_asset_management | 7.6.0.6 | |
ibm | maximo_asset_management | 7.6.0.7 | |
ibm | maximo_asset_management | 7.6.0.8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "E5B7CA3C-5F9B-45A3-80AC-F5A4E190CC37", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "7F5550B7-9133-4434-A01C-0A35E59ECDD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "9D4B8FE2-799E-4D5F-B582-49E799A3ADDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "9D48A30C-6B35-4484-9375-3AAE4CB5051B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138821." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.6 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 138821." 
} ], "id": "CVE-2018-1415", "lastModified": "2024-11-21T03:59:46.457", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-02-22T19:29:03.513", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22013796" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103169" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138821" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22013796" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103169" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor 
Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138821" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-03-13 03:12
Modified
2025-04-11 00:51
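Severity ?
4.3 (Medium) - CVSS v2 AV:N/AC:M/Au:N/C:N/I:P/A:N (NVD primary score from the record below; no CVSS v3 score is present). The vector's Au:N (no authentication required) does not match the "remote authenticated users" wording in the summary, so confirm the authentication requirement against the vendor advisory before using either for triage.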
Summary
Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the uisessionid parameter to an unspecified component.
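References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://secunia.com/advisories/48299 | | |
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1IV09200 | | |
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21584666 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/52333 | | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/72006 | | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/48299 | | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1IV09200 | | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21584666 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/52333 | | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/72006 | |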
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 6.2 | |
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.5 | |
ibm | maximo_asset_management_essentials | 6.2 | |
ibm | maximo_asset_management_essentials | 7.1 | |
ibm | maximo_asset_management_essentials | 7.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the uisessionid parameter to an unspecified component." }, { "lang": "es", "value": "Vulnerabilidad de redirecci\u00f3n involuntaria en IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, y 7.5 permite a usuarios autenticados remotos redirigir a usuarios a webs arbitrarias y realizar ataques de phishing a trav\u00e9s del par\u00e1metro uisessionid de un componente sin especificar." 
} ], "id": "CVE-2011-4818", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-03-13T03:12:26.120", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/48299" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09200" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/52333" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72006" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48299" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09200" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52333" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72006" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-02-01 20:59
Modified
2025-04-20 01:37
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21987855 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/93872 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21987855 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93872 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6 | |
ibm | maximo_for_aviation | 7.6 | |
ibm | maximo_for_life_sciences | 7.6 | |
ibm | maximo_for_nuclear_power | 7.6 | |
ibm | maximo_for_oil_and_gas | 7.6 | |
ibm | maximo_for_transportation | 7.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "54B15803-D203-4620-B4CF-0F417C7A9B79", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "ED14563B-CA07-4CEF-B46B-672F06D08B9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "7759191C-5D16-4937-BC80-5A47FE4F9DD1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser." }, { "lang": "es", "value": "IBM Maximo Asset Management podr\u00eda revelar informaci\u00f3n sensible de una traza de pila despu\u00e9s de la presentaci\u00f3n de inicio de sesi\u00f3n incorrecto en el navegador de Cognos." 
} ], "id": "CVE-2016-5896", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-02-01T20:59:00.987", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21987855" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93872" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21987855" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93872" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-02 14:29
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142891.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securityfocus.com/bid/104959 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/142891 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10713695 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104959 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/142891 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10713695 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | * (from 7.6.0.0, before 7.6.1.0) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D03DD10-2322-4866-929F-24A13CB3378A", "versionEndExcluding": "7.6.1.0", "versionStartIncluding": "7.6.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142891." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.6 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 142891." 
} ], "id": "CVE-2018-1554", "lastModified": "2024-11-21T04:00:00.483", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-02T14:29:00.317", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/104959" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142891" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor 
Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10713695" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/104959" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142891" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10713695" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-10-05 13:29
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145505.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/145505 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10728865 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/145505 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10728865 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | * (from 7.6 up to and including 7.6.3) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "12CF50F5-F353-40DF-B3BB-ADC75971D265", "versionEndIncluding": "7.6.3", "versionStartIncluding": "7.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145505." }, { "lang": "es", "value": "IBM Maximo Asset Management, de la versi\u00f3n 7.6 a la 7.6.3 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 145505." 
} ], "id": "CVE-2018-1686", "lastModified": "2024-11-21T04:00:12.290", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-10-05T13:29:09.100", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145505" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10728865" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": 
[ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145505" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10728865" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-12-18 16:04
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 before 7.5.0.3 IFIX014, and 7.5.0.5 before IFIX003; SmartCloud Control Desk (SCCD) 7.5 before 7.5.0.3 IFIX014 and 7.5.0.5 before IFIX003; and Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.1.x through 7.1.1.12, 7.1.2, and 7.2.x through 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"40421A30-9CD0-46FE-8723-E4AC6EA51F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"982661EA-3176-4854-A64C-9F32751A045C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "397FB717-6568-4037-8D7F-D31CF18E0782", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "250FC595-3DB0-4860-9FF1-AC0215A9D3C7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E052B5F4-34AD-46CE-836F-43FCD4B5B7BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "29A7E369-EBBD-4456-AE47-712CB273F40A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "6562F50F-0566-4C82-AE66-36049B220C2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "7CEE1180-9EC7-4078-B90E-077489E4F586", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "EF1F14EE-6B26-427D-8FFB-94EC042C0FBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "0CC0184C-0593-4C37-AC63-5B09FD21B3B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "477D96BA-18FC-4B02-B0F7-276F93D9A25A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0B1F47F9-4D3D-439A-BEE8-F270C9BA7B71", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "87F7EA33-B49A-4283-8A00-9B629508143E", "vulnerable": true } ], 
"negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 before 7.5.0.3 IFIX014, and 7.5.0.5 before IFIX003; SmartCloud Control Desk (SCCD) 7.5 before 7.5.0.3 IFIX014 and 7.5.0.5 before IFIX003; and Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.1.x through 7.1.1.12, 7.1.2, and 7.2.x through 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de cross-site scripting (XSS) en IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, y Maximo for Utilities 7.1.x a 7.1.1.12, 7.5 anteriores a 7.5.0.3 IFIX014, y 7.5.0.5 anteriores a IFIX003; SmartCloud Control Desk (SCCD) 7.5 anteriores a 7.5.0.3 IFIX014 y 7.5.0.5 anteriores a IFIX003; y Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, y Change y Configuration Management Database (CCMDB) 7.1.x a 7.1.1.12, 7.1.2, y 7.2.x a 7.2.1 permite a usuarios autenticados remotamente inyectar scripts web o HTML arbitrarios a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2013-5402", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-12-18T16:04:33.553", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV49268" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660032" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/64333" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV49268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660032" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/64333" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87298" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2013-5383
Vulnerability from fkie_nvd
Published
2013-10-01 11:14
Modified
2025-04-11 00:51
Severity
4.0 (Medium) - CVSS v2.0 AV:N/AC:L/Au:S/C:P/I:N/A:N (nvd@nist.gov, Primary)
Summary
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5382.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 | |
ibm | maximo_asset_management | 7.5.0.3 | |
ibm | maximo_asset_management | 7.5.0.4 | |
ibm | maximo_asset_management | 6.2 | |
ibm | maximo_asset_management | 6.2.1 | |
ibm | maximo_asset_management | 6.2.2 | |
ibm | maximo_asset_management | 6.2.3 | |
ibm | maximo_asset_management | 6.2.4 | |
ibm | maximo_asset_management | 6.2.5 | |
ibm | maximo_asset_management | 6.2.6 | |
ibm | maximo_asset_management | 6.2.6.1 | |
ibm | maximo_asset_management | 6.2.7 | |
ibm | maximo_asset_management | 6.2.8 | |
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management | 7.1.1.9 | |
ibm | maximo_asset_management | 7.1.1.10 | |
ibm | maximo_asset_management | 7.1.1.11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5382." }, { "lang": "es", "value": "IBM Maximo Asset Management 6.2 hasta la versi\u00f3n 6.2.8, 7.1 anterior a 7.1.1.12, y 7.5 anterior a la versi\u00f3n 7.5.0.5 permite a usuarios remotos autenticados obtener privilegios a trav\u00e9s de vectores sin especificar, una vulnerabilidad diferente a CVE-2013-5382." } ], "id": "CVE-2013-5383", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-10-01T11:14:44.157", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55068" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55070" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV40704" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86934" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV40704" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86934" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2012-3333
Vulnerability from fkie_nvd
Published
2014-05-26 11:14
Modified
2025-04-12 10:46
Severity
4.3 (Medium) - CVSS v2.0 AV:N/AC:M/Au:N/C:N/I:P/A:N (nvd@nist.gov, Primary)
Summary
CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter in a URL.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | smartcloud_control_desk | 7.0 | |
ibm | smartcloud_control_desk | 7.5 | |
ibm | smartcloud_control_desk | 7.5.0.0 | |
ibm | smartcloud_control_desk | 7.5.0.1 | |
ibm | smartcloud_control_desk | 7.5.0.2 | |
ibm | smartcloud_control_desk | 7.5.1.0 | |
ibm | smartcloud_control_desk | 7.5.1.1 | |
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management | 7.1.1.9 | |
ibm | maximo_asset_management | 7.1.1.10 | |
ibm | maximo_asset_management | 7.1.1.11 | |
ibm | maximo_asset_management | 7.1.1.12 | |
ibm | maximo_asset_management | 7.1.2 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 | |
ibm | maximo_asset_management | 7.5.0.3 | |
ibm | maximo_asset_management | 7.5.0.4 | |
ibm | maximo_asset_management | 7.5.0.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", 
"matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter in a URL." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n CRLF en IBM Maximo Asset Management 7.x anterior a 7.5.0.6 y SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y realizar ataques de divisi\u00f3n de respuestas HTTP a trav\u00e9s de un par\u00e1metro manipulado en una URL." 
} ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/93.html\n\n\"CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)\"", "id": "CVE-2012-3333", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-05-26T11:14:51.110", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV26377" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78145" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV26377" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78145" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2023-32337
Vulnerability from fkie_nvd
Published
2024-01-19 02:15
Modified
2024-11-21 08:03
Severity
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (psirt@us.ibm.com, Secondary)
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N (nvd@nist.gov, Primary)
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/255288 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7107712 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/255288 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7107712 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_application_suite | * | |
ibm | maximo_application_suite | * | |
ibm | maximo_asset_management | 7.6.1.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_application_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DB891EC-E752-439B-BCA7-3C4B8A44C52B", "versionEndExcluding": "8.10.6", "versionStartIncluding": "8.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_application_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "13818541-5D8C-47BF-83A1-03C3B3DA7699", "versionEndIncluding": "8.11.2", "versionStartIncluding": "8.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B0279056-1BD2-4CD6-86BA-DDAA6AB53C6F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288." }, { "lang": "es", "value": "IBM Maximo Spatial Asset Management 8.10 es vulnerable a server-side request forgery (SSRF). Esto puede permitir que un atacante autenticado env\u00ede solicitudes no autorizadas desde el sistema, lo que podr\u00eda provocar la enumeraci\u00f3n de la red o facilitar otros ataques. ID de IBM X-Force: 255288." 
} ], "id": "CVE-2023-32337", "lastModified": "2024-11-21T08:03:08.567", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-01-19T02:15:07.537", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/255288" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7107712" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/255288" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7107712" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-07-30 11:15
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:*:*:*:*:*:*:*:*", "matchCriteriaId": "71F456DA-8995-43E2-91A0-B20B070F26A0", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:*:*:*:*:*:*:*:*", "matchCriteriaId": "106F6572-D362-4040-A878-67B2ACCEA161", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:*:*:*:*:*:*:*:*", "matchCriteriaId": "084AF336-B44B-4B4C-86AB-82197C9410D1", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF5E8225-885D-4FB8-9706-97D559DDF4CF", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*", 
"matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:*:*:*:*:*:*:*:*", "matchCriteriaId": "271DF14A-0466-4ACF-B4CE-A5AAC7E0F9A5", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F350C06-CF48-43FE-BDB3-1F1E31332E25", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"2F780ADF-3151-4B2C-98B9-7FFD0DB47A57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A202F4B-6814-4F85-837C-1655D316ADC0", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:*:*:*:*:*:*:*:*", "matchCriteriaId": "882C1071-A3C3-4CD6-905B-9D8E32A37120", "versionEndIncluding": "6.2.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEA6D104-64DA-47CE-A0CB-589C93A0B3DC", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A204032-17C7-4617-AB29-589903A2B9C3", "versionEndIncluding": "6.2.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en IBM Maximo Asset Management 6.2 hasta 6.2.8, 6.x y 7.1 hasta 7.1.1.2 y 7.5 hasta 7.5.0.6; Maximo Asset Management 7.5 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk; y Maximo Asset Management 6.2 hasta 6.2.8, 7.1 hasta 7.1.1.2 y 7.2 para Tivoli Asset Management for IT y ciertos otros productos permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de (1) el campo KPI display name o (2) un campo portlet." 
} ], "id": "CVE-2014-0915", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-07-30T11:15:33.253", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/59570" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/59640" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59570" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59640" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/91884" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-08-29 09:55
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Maximo Asset Management 6.1 through 6.5, 7.1 through 7.1.1.13, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2.8, 7.1, and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended write-access restrictions on calendar entries via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "8367E063-B3D7-4C9B-98BF-7E323BA40668", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "67EBBA37-3CDA-4244-AD31-1A2CC7B62C20", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { 
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": 
"048BAB63-0A88-4E3D-998B-06EC7917DC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.1 through 6.5, 7.1 through 7.1.1.13, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2.8, 7.1, and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended write-access restrictions on calendar entries via unspecified vectors." 
}, { "lang": "es", "value": "IBM Maximo Asset Management 6.1 hasta 6.5, 7.1 hasta 7.1.1.13, y 7.5 hasta 7.5.0.6; Maximo Asset Management 7.5.0 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk; y Maximo Asset Management 6.2.8, 7.1, y 7.2 para Tivoli IT Asset Management for IT y ciertos otros productos permite a usuarios remotos autenticados evadir las restricciones de acceso a la escritura en las entradas de calendarios a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2014-3084", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-08-29T09:55:07.790", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/60408" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/60453" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61274" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681020" }, { "source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1030780" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93955" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60408" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60453" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61274" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030780" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93955" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-06-19 14:15
Modified
2024-11-21 04:43
Severity ?
Summary
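IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949. The CVSS 3.1 vector in the NVD record below (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, base score 5.4, Medium) indicates that the attacker needs a low-privileged account and that another user must interact with the injected content.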
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securityfocus.com/bid/108912 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/160949 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10887563 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108912 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/160949 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10887563 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6 | |
ibm | control_desk | 7.6.0 | |
ibm | control_desk | 7.6.0.1 | |
ibm | maximo_for_aviation | 7.6 | |
ibm | maximo_for_aviation | 7.6.1 | |
ibm | maximo_for_aviation | 7.6.2 | |
ibm | maximo_for_aviation | 7.6.2.1 | |
ibm | maximo_for_aviation | 7.6.3 | |
ibm | maximo_for_life_sciences | 7.6 | |
ibm | maximo_for_nuclear_power | 7.6.0 | |
ibm | maximo_for_oil_and_gas | 7.6.0 | |
ibm | maximo_for_transportation | 7.6.1 | |
ibm | maximo_for_transportation | 7.6.2 | |
ibm | maximo_for_transportation | 7.6.2.1 | |
ibm | maximo_for_transportation | 7.6.2.2 | |
ibm | maximo_for_transportation | 7.6.2.3 | |
ibm | maximo_for_transportation | 7.6.2.4 | |
ibm | maximo_for_utilities | 7.6 | |
ibm | smartcloud_control_desk | - | |
ibm | tivoli_integration_composer | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*", "matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*", "matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949." }, { "lang": "es", "value": "IBM Maximo Asset Management versi\u00f3n 7.6 es vulnerable a cross-site-scripting (XSS). 
Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera la funcionalidad prevista que puede conllevar a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza. ID de IBM X-Force: 160949." } ], "id": "CVE-2019-4303", "lastModified": "2024-11-21T04:43:26.970", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-06-19T14:15:10.973", "references": [ { "source": "psirt@us.ibm.com", "tags": [ 
"Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/108912" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/108912" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-06-13 14:15
Modified
2024-11-21 08:56
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allow web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_application_suite | 8.10 | |
ibm | maximo_application_suite | 8.11 | |
ibm | maximo_asset_management | 7.6.1.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_application_suite:8.10:*:*:*:*:*:*:*", "matchCriteriaId": "DD9CA1C5-A903-4002-B9D3-430412676544", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_application_suite:8.11:*:*:*:*:*:*:*", "matchCriteriaId": "BB312A14-314B-4AD0-941C-A6AE1EC0D592", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B0279056-1BD2-4CD6-86BA-DDAA6AB53C6F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.6.1.3 e IBM Maximo Application Suite 8.10 y 8.11 permiten almacenar p\u00e1ginas web localmente que pueden ser le\u00eddas por otro usuario en el sistema. ID de IBM X-Force: 279973." 
} ], "id": "CVE-2024-22333", "lastModified": "2024-11-21T08:56:04.383", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-06-13T14:15:11.110", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279973" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7157256" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7157257" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279973" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7157256" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7157257" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": 
"en", "value": "CWE-525" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-668" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-08 13:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/182713 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6220528 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/182713 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6220528 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6.0.0 | |
ibm | maximo_asset_management | 7.6.1.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E62D9C2-D670-4C11-8149-59730F0A3BD3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713." }, { "lang": "es", "value": "IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, es vulnerable a un ataque de tipo server side request forgery (SSRF). Esto puede permitir a un atacante autenticado enviar peticiones no autorizadas desde el sistema, conllevando potencialmente a una enumeraci\u00f3n de la red o facilitando otros ataques. 
IBM X-Force ID: 182713" } ], "id": "CVE-2020-4529", "lastModified": "2024-11-21T05:32:51.203", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 3.1, "impactScore": 3.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-08T13:15:15.620", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182713" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6220528" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182713" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6220528" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-07-29 20:55
Modified
2025-04-12 10:46
Severity ?
Summary
CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*", 
"matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "7197C12C-5CD7-4F7D-8B38-F792FAABC1FA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBD13DA8-00F5-43CE-BBAE-EB7DE0E46F8F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "EB38B1E5-5C80-4B04-8291-E4686E84F8F7", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "002A5BD4-2962-4045-923F-E6710EC869CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B9B16418-C06A-4B78-A838-1C6BFC2EAC47", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9FC6AC1A-E79F-4A66-8BF0-10A6C587DB8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8EF48295-8CB1-4E9A-A760-7A2785505248", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B92B24E3-CB7C-4550-8C0C-0D8173BC7DDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "24B4D7E9-EB7C-4113-8D1C-6BE913FF3D9B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n CRLF en IBM Maximo Asset Management 7.5 hasta 7.5.0.6 y 7.5 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk, permite a usuarios remotos autenticados inyectar cabeceras HTTP arbitrarias y realizar ataques de divisi\u00f3n de respuestas HTTP a trav\u00e9s de vectores no especificados." 
} ], "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/93.html\" target=\"_blank\"\u003eCWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)\u003c/a\u003e", "id": "CVE-2014-3026", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-07-29T20:55:08.100", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/59570" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678798" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93065" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59570" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678798" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93065" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-10-01 11:14
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management | 7.1.1.9 | |
ibm | maximo_asset_management | 7.1.1.10 | |
ibm | maximo_asset_management | 7.1.1.11 | |
ibm | maximo_asset_management | 6.2 | |
ibm | maximo_asset_management | 6.2.1 | |
ibm | maximo_asset_management | 6.2.2 | |
ibm | maximo_asset_management | 6.2.3 | |
ibm | maximo_asset_management | 6.2.4 | |
ibm | maximo_asset_management | 6.2.5 | |
ibm | maximo_asset_management | 6.2.6 | |
ibm | maximo_asset_management | 6.2.6.1 | |
ibm | maximo_asset_management | 6.2.7 | |
ibm | maximo_asset_management | 6.2.8 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 | |
ibm | maximo_asset_management | 7.5.0.3 | |
ibm | maximo_asset_management | 7.5.0.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de XSS en IBM Maximo Asset Management 6.2 hasta la versi\u00f3n 6.2.8, 7.1 anterior a 7.1.1.12, y 7.5 anterior a la versi\u00f3n 7.5.0.5 permite a atacantes remotos inyectar script web arbitrario o HTML a trav\u00e9s de vectores sin especificar." } ], "id": "CVE-2013-4014", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-10-01T11:14:43.860", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55068" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55070" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV39515" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV39515" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85792" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-02-20 12:09
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1, Maximo Asset Management Essentials 7.1, Tivoli Asset Management for IT 7.1 and 7.2, Tivoli Service Request Manager 7.1 and 7.2, and Change and Configuration Management Database (CCMDB) 7.1 and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden frame footer.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | change_and_configuration_management_database | 7.1. | |
ibm | change_and_configuration_management_database | 7.2.0 | |
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management_essentials | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.2 | |
ibm | tivoli_service_request_manager | 7.1.0 | |
ibm | tivoli_service_request_manager | 7.1.0.0 | |
ibm | tivoli_service_request_manager | 7.2.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.:*:*:*:*:*:*:*", "matchCriteriaId": "13CD271A-72E0-4730-A936-87B5122D9E3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2446CA6E-D316-4239-8FDC-436643EB35EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1, Maximo Asset Management Essentials 7.1, Tivoli Asset Management for IT 7.1 and 7.2, Tivoli Service Request Manager 7.1 and 7.2, and Change and Configuration Management Database (CCMDB) 7.1 and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related 
to a hidden frame footer." }, { "lang": "es", "value": "Vulnerabilidad XSS en IBM Maximo Asset Management v7.1, Maximo Asset Management Essentials v7.1, Tivoli Asset Management para IT v7.1 y v7.2, Tivoli Service Request Manager v7.1 y v7.2, y Change y Configuration Management Database (CCMDB) v7.1 v 7.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores que involucran a un marco (frame) oculto en el pie." } ], "id": "CVE-2012-3328", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-02-20T12:09:22.037", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20823" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78040" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20823" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78040" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": 
[ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-05-26 11:14
Modified
2025-04-12 10:46
Severity ?
Summary
frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive information via an invalid action_code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | smartcloud_control_desk | 7.0 | |
ibm | smartcloud_control_desk | 7.5 | |
ibm | smartcloud_control_desk | 7.5.0.0 | |
ibm | smartcloud_control_desk | 7.5.0.1 | |
ibm | smartcloud_control_desk | 7.5.0.2 | |
ibm | smartcloud_control_desk | 7.5.1.0 | |
ibm | smartcloud_control_desk | 7.5.1.1 | |
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management | 7.1.1.9 | |
ibm | maximo_asset_management | 7.1.1.10 | |
ibm | maximo_asset_management | 7.1.1.11 | |
ibm | maximo_asset_management | 7.1.1.12 | |
ibm | maximo_asset_management | 7.1.2 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 | |
ibm | maximo_asset_management | 7.5.0.3 | |
ibm | maximo_asset_management | 7.5.0.4 | |
ibm | maximo_asset_management | 7.5.0.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", 
"matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive information via an invalid action_code." }, { "lang": "es", "value": "frontcontroller.jsp en IBM Maximo Asset Management 7.x anterior a 7.5.0.6 y SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 permite a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s de un action_code inv\u00e1lido." } ], "id": "CVE-2013-2998", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-05-26T11:14:51.187", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV34110" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84841" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg1IV34110" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84841" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2018-1524)
Published
2018-08-03 15:29
Modified
2024-11-21 03:59
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/142116 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=swg22017452 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/142116 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=swg22017452 | Patch, Vendor Advisory |
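Impacted products
Note: the `*` version shown for maximo_asset_management is not "all versions"; the record below bounds it to 7.6.0.0 through 7.6.3.0. The CPE list also covers Maximo industry solutions and SmartCloud Control Desk, which the summary does not name, and it includes maximo_for_oil_and_gas 7.5.0.0, which lies outside the 7.6 range given in the summary.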
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | * | |
ibm | maximo_for_aviation | 7.6.0.0 | |
ibm | maximo_for_aviation | 7.6.1.0 | |
ibm | maximo_for_aviation | 7.6.2.0 | |
ibm | maximo_for_aviation | 7.6.2.1 | |
ibm | maximo_for_aviation | 7.6.3.0 | |
ibm | maximo_for_life_sciences | 7.6.0.0 | |
ibm | maximo_for_nuclear_power | 7.6.0.0 | |
ibm | maximo_for_oil_and_gas | 7.5.0.0 | |
ibm | maximo_for_oil_and_gas | 7.6.0.0 | |
ibm | maximo_for_transportation | 7.6.1.0 | |
ibm | maximo_for_transportation | 7.6.2.0 | |
ibm | maximo_for_transportation | 7.6.2.1 | |
ibm | maximo_for_transportation | 7.6.2.2 | |
ibm | maximo_for_transportation | 7.6.2.3 | |
ibm | maximo_for_transportation | 7.6.2.4 | |
ibm | maximo_for_utilities | 7.6.0.0 | |
ibm | smartcloud_control_desk | 7.6.0.0 | |
ibm | smartcloud_control_desk | 7.6.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DCFD28A-B0AD-4FA5-9774-A92220F29970", "versionEndIncluding": "7.6.3.0", "versionStartIncluding": "7.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "60F3899C-18C5-4A64-92EC-83C73EBEE057", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "95583119-EC0D-4C54-BDA3-8E02A2466870", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "305E7DA7-1E2E-407A-9362-CF57C0D4AD6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "B780FAB9-B58D-4622-B2B4-97662B9421CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BBA93D8B-45B2-445C-85CB-FB594D1746F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1F39E45D-3415-45E2-9852-46C0AA109B72", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A651E3E5-5A2C-468E-B686-662DDC162644", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B428BE8-BDFF-488A-91E8-E70613589640", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1FCC6013-BE3C-4C7D-BA7A-49529F0697C7", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "EB777BBB-7969-4D0D-89A6-C0E2FC9B2569", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "800B9C4C-70D7-4E3D-86BD-1855B14910F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "54B1037D-F4D1-4CD6-BBD7-6E72EB4A1620", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116." }, { "lang": "es", "value": "IBM Maximo Asset Management, de la versi\u00f3n 7.6 a la 7.6.3, se instala con una cuenta de administrador por defecto que podr\u00eda ser empleada por un atacante remoto para obtener acceso de administrador al sistema. Esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2015-4966. IBM X-Force ID: 142116." 
} ], "id": "CVE-2018-1524", "lastModified": "2024-11-21T03:59:57.687", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-03T15:29:00.340", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142116" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=swg22017452" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=swg22017452" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-1188" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2013-5380)
Published
2013-10-01 11:14
Modified
2025-04-11 00:51
Severity ?
Summary
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows local users to obtain sensitive information via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management | 7.1.1.9 | |
ibm | maximo_asset_management | 7.1.1.10 | |
ibm | maximo_asset_management | 7.1.1.11 | |
ibm | maximo_asset_management | 6.2 | |
ibm | maximo_asset_management | 6.2.1 | |
ibm | maximo_asset_management | 6.2.2 | |
ibm | maximo_asset_management | 6.2.3 | |
ibm | maximo_asset_management | 6.2.4 | |
ibm | maximo_asset_management | 6.2.5 | |
ibm | maximo_asset_management | 6.2.6 | |
ibm | maximo_asset_management | 6.2.6.1 | |
ibm | maximo_asset_management | 6.2.7 | |
ibm | maximo_asset_management | 6.2.8 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 | |
ibm | maximo_asset_management | 7.5.0.3 | |
ibm | maximo_asset_management | 7.5.0.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows local users to obtain sensitive information via unspecified vectors." }, { "lang": "es", "value": "IBM Maximo Asset Management 6.2 hasta la versi\u00f3n 6.2.8, 7.1 anterior a 7.1.1.12, y 7.5 anterior a la versi\u00f3n 7.5.0.5 permite a usuarios locales obtener informaci\u00f3n sensible a trav\u00e9s de vectores sin especificar." } ], "id": "CVE-2013-5380", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-10-01T11:14:44.077", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55068" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55070" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV33364" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "psirt@us.ibm.com", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/86931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV33364" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86931" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2013-4013)
Published
2013-10-01 11:14
Modified
2025-04-11 00:51
Severity ?
Summary
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors.
References
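Impacted products
Note: this CPE list does not line up with the summary above. It includes 7.5.0.2 although the summary says "7.5 before 7.5.0.2", and it omits 6.2.8 and 7.1.1.12 although the summary says "through" those releases. Confirm the affected and fixed levels against the vendor advisory before relying on CPE matching alone.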
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management | 7.1.1.9 | |
ibm | maximo_asset_management | 7.1.1.10 | |
ibm | maximo_asset_management | 7.1.1.11 | |
ibm | maximo_asset_management | 6.2 | |
ibm | maximo_asset_management | 6.2.1 | |
ibm | maximo_asset_management | 6.2.2 | |
ibm | maximo_asset_management | 6.2.3 | |
ibm | maximo_asset_management | 6.2.4 | |
ibm | maximo_asset_management | 6.2.5 | |
ibm | maximo_asset_management | 6.2.6 | |
ibm | maximo_asset_management | 6.2.6.1 | |
ibm | maximo_asset_management | 6.2.7 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 
before 7.5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors." }, { "lang": "es", "value": "IBM Maximo Asset Management 6.2 hasta la versi\u00f3n 6.2.8, 7.1 hasta 7.1.1.12, y 7.5 anterior a la versi\u00f3n 7.5.0.2 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de vectores sin especificar." } ], "id": "CVE-2013-4013", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-10-01T11:14:43.843", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55068" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55070" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV39202" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV39202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85791" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2022-41734)
Published
2023-02-17 18:15
Modified
2024-11-21 07:23
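Severity ?
Note: the two scoring sources in the record below disagree on confidentiality impact. psirt@us.ibm.com (Secondary) scores 5.3 Medium with C:L, while nvd@nist.gov (Primary) scores 7.5 High with C:H.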
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 237587.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/237587 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6857605 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/237587 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6857605 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_application_suite | 8.4 | |
ibm | maximo_application_suite | 8.5 | |
ibm | maximo_asset_management | 7.6.1.2 | |
ibm | maximo_asset_management | 7.6.1.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_application_suite:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "F41112B7-EF72-42A6-883C-889B39DAE47C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_application_suite:8.5:*:*:*:*:*:*:*", "matchCriteriaId": "847BA632-5492-47DE-9888-F0D4816DCEBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F9DA22B-5DD7-4551-AC7A-61949D246F5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B0279056-1BD2-4CD6-86BA-DDAA6AB53C6F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 237587." 
} ], "id": "CVE-2022-41734", "lastModified": "2024-11-21T07:23:45.457", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-17T18:15:11.907", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/237587" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6857605" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/237587" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6857605" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "psirt@us.ibm.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-312" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-05-26 16:55
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "9C548662-04F7-49DD-B4B4-8C6DDA5DF7AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "2E15FC98-D8AB-4D9C-9842-85138A2FECF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "250FC595-3DB0-4860-9FF1-AC0215A9D3C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "805706EB-A82E-465D-BB3F-33AD6415FB89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "186498FC-A8BD-4EA3-96C7-1A21983BB2BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "396F80FF-BD2E-46A4-8A44-21CC35F42E12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "69534F90-265A-4313-951D-D0A52AEF9C1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "67A0292F-FDFE-42A6-92FC-F26596C4D23C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "E8D102E6-18FF-4BC7-83BC-77946101864C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": false }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287", "vulnerable": false }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1227364D-5BF3-4F7D-A4BA-22DE823A5C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "8506BB5F-F390-4981-A5D5-FAEF9F410172", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "63EA5235-E946-487D-A875-537B87B2638E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "0CC0184C-0593-4C37-AC63-5B09FD21B3B1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type." 
}, { "lang": "es", "value": "IBM Maximo Asset Management 7.x anterior a 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 anterior a IFIX.20140323-0749, 7.1.1.12 anterior a IFIX.20140321-1336, 7.5.x anterior a 7.5.0.3 IFIX027 y 7.5.0.4 anterior a IFIX011; SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 y Tivoli IT Asset Management For IT, Tivoli Service Request Manager, Maximo Service Desk y Change And Configuration Management Database (CCMDB) 7.x anterior a 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 anterior a IFIX.20140207-1801 y 7.1.1.12 anterior a IFIX.20140218-1510 no restringen debidamente tipos de archivo durante subidas, lo que permite a usuarios remotos autenticados tener un impacto no especificado a trav\u00e9s de un tipo inv\u00e1lido." } ], "id": "CVE-2013-5465", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-05-26T16:55:02.927", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46511" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88364" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46511" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": 
[ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88364" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-12 16:15
Modified
2024-11-21 05:46
Severity ?
Summary
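IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243.
Note: the record below carries conflicting CVSS v3 ratings: nvd@nist.gov scores it 9.8 Critical (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), while psirt@us.ibm.com scores it 7.0 High (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). The vendor vector requires user interaction, which is consistent with CSV injection in general, where the injected content takes effect only when someone opens the exported file in a spreadsheet application; consider both ratings when prioritising the update.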
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/198243 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6480377 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/198243 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6480377 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | * (after 7.6.0.0, before 7.6.1.2) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "E665B771-F355-41B5-A018-DD83B6FCD01F", "versionEndExcluding": "7.6.1.2", "versionStartExcluding": "7.6.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243." }, { "lang": "es", "value": "IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, es potencialmente vulnerable a una inyecci\u00f3n CSV. Un atacante remoto podr\u00eda ejecutar comandos arbitrarios en el sistema, causados por la comprobaci\u00f3n inapropiada del contenido de los archivos csv. IBM X-Force ID: 198243" } ], "id": "CVE-2021-20509", "lastModified": "2024-11-21T05:46:41.923", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.0, 
"impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-12T16:15:10.437", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198243" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6480377" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198243" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6480377" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-03-13 03:12
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the controlid parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 6.2 | |
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.5 | |
ibm | maximo_asset_management_essentials | 6.2 | |
ibm | maximo_asset_management_essentials | 7.1 | |
ibm | maximo_asset_management_essentials | 7.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the controlid parameter." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en imicon.jsp de IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, y 7.5. Permite a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro controlid." 
} ], "id": "CVE-2011-1395", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-03-13T03:12:25.900", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/48299" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09189" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/52333" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71996" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48299" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09189" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52333" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71996" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-10-05 14:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. IBM X-Force ID: 181995.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/181995 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6340281 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/181995 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6340281 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | * (from 7.6.0.0, before 7.6.0.10) | |
ibm | maximo_asset_management | * (from 7.6.1.0, before 7.6.1.2) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "09D8BBE4-26EC-4488-95B7-32B46C574CA9", "versionEndExcluding": "7.6.0.10", "versionStartIncluding": "7.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "56321E93-9AF4-48D6-A6F9-2E5473268FDF", "versionEndExcluding": "7.6.1.2", "versionStartIncluding": "7.6.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. IBM X-Force ID: 181995." }, { "lang": "es", "value": "IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, podr\u00eda permitir a un atacante omitir una autenticaci\u00f3n y emitir comandos usando un comando HTTP especialmente dise\u00f1ado. IBM X-Force ID: 181995" } ], "id": "CVE-2020-4493", "lastModified": "2024-11-21T05:32:48.507", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-10-05T14:15:13.420", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181995" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6340281" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181995" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6340281" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-02-20 12:09
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"62B69712-B405-43F4-B6E9-BC1C232A36E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2446CA6E-D316-4239-8FDC-436643EB35EA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { 
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad XSS en Tivoli Process Automation Engine (TPAE) en IBM Maximo Asset Management v6.2 a la v7.5, Maximo Asset Management Essentials v6.2 a la v7.5, Tivoli Asset Management para IT v6.2 a la v7.2, Tivoli Service Request Manager v7.1 a la v7.2, Maximo Service Desk v6.2, Change y Configuration Management Database (CCMDB) v7.1 y v7.2, y SmartCloud Control Desk v7.5, permite a usuarios autenticados remotamente inyectar secuencias de comandos web y HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2012-3316", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-02-20T12:09:21.803", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV24609" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77813" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV24609" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77813" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2012-6356)
Published
2013-02-20 12:09
Modified
2025-04-11 00:51
Severity ?
6.5 (Medium) - CVSS v2.0: AV:N/AC:L/Au:S/C:P/I:P/A:P
Summary
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management_essentials | 7.5.0.0 | |
ibm | smartcloud_control_desk | 7.5.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, y SmartCloud Control Desk 7.5 permite a usuarios remotos autenticados para obtener privilegios a trav\u00e9s de vectores relacionados con una operaci\u00f3n de importaci\u00f3n." 
} ], "id": "CVE-2012-6356", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-02-20T12:09:22.520", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV27329" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80748" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV27329" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80748" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2023-32332)
Published
2023-09-08 20:15
Modified
2024-11-21 08:03
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 255072.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/255072 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7030367 | Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7030926 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/255072 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7030367 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7030926 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_application_suite | 8.9 | |
ibm | maximo_application_suite | 8.10 | |
ibm | maximo_asset_management | 7.6.1.2 | |
ibm | maximo_asset_management | 7.6.1.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_application_suite:8.9:*:*:*:*:*:*:*", "matchCriteriaId": "B579088F-A2A9-4FBD-8090-33FFD24C47A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_application_suite:8.10:*:*:*:*:*:*:*", "matchCriteriaId": "DD9CA1C5-A903-4002-B9D3-430412676544", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F9DA22B-5DD7-4551-AC7A-61949D246F5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B0279056-1BD2-4CD6-86BA-DDAA6AB53C6F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site. IBM X-Force ID: 255072." }, { "lang": "es", "value": "IBM Maximo Application Suite en versiones 8.9 y 8.10 e IBM Maximo Asset Management en versiones 7.6.1.2 y 7.6.1.3 son vulnerables a la inyecci\u00f3n HTML. Un atacante remoto podr\u00eda inyectar c\u00f3digo HTML malicioso, que cuando se detecta, se ejecutar\u00eda en el navegador web de la v\u00edctima dentro del contexto de seguridad del sitio de hosting. ID de IBM X-Force: 255072." 
} ], "id": "CVE-2023-32332", "lastModified": "2024-11-21T08:03:07.907", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-08T20:15:14.583", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/255072" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7030367" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7030926" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/255072" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7030367" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7030926" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": 
"Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2017-1175)
Published
2017-07-05 17:29
Modified
2025-04-20 01:37
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123297.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22005212 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/99363 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/123297 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22005212 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99363 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/123297 | VDB Entry, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.5 | |
ibm | maximo_asset_management | 7.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123297." }, { "lang": "es", "value": "IBM M\u00e1ximo Asset Management 7.1, 7.5 y 7.6 es vulnerable a la inyecci\u00f3n de sentencias SQL. Un atacante remoto podr\u00eda enviar sentencias SQL especialmente modificadas, lo que permitir\u00eda al atacante ver, a\u00f1adir modificar o borrar informaci\u00f3n en el back-end de la base de datos. IBM X-Force ID: 123297." 
} ], "id": "CVE-2017-1175", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-05T17:29:00.293", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22005212" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99363" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123297" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22005212" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99363" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], 
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123297" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2017-1124)
Published
2017-03-07 17:59
Modified
2025-04-20 01:37
Severity ?
2.9 (Low) - CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM Reference #: 1998053.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "F919705D-1394-4443-BE46-117F41A38D87", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "C47DB9B3-C8CD-45E9-9F53-617354F3A339", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": 
"BB19E05B-1E03-4230-BE05-21A989695749", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7038EBF6-E527-492B-A6A5-14F9A2F79BDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "29858665-FA68-4EDE-A0E7-6C79E8786871", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "E5B7CA3C-5F9B-45A3-80AC-F5A4E190CC37", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM Reference #: 1998053." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.1, 7.5 y 7.6 podr\u00eda permitir a un atacante local obtener informaci\u00f3n sensible utilizando inyecci\u00f3n de encabezado HTTP. Referencia de IBM #: 1998053." 
} ], "id": "CVE-2017-1124", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.4, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-03-07T17:59:00.570", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21998053" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/96536" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21998053" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/96536" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2015-5017)
Published
2016-01-03 05:59
Modified
2025-04-12 10:46
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.8 IFIX005 y 7.6.0 en versiones anteriores a 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 en versiones anteriores a 7.5.0.8 IFIX005, 7.5.1 y 7.6.0 en versiones anteriores a 7.6.0.2 IFIX002 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros ciertos productos permite a usuarios remotos autenticados eludir las restricciones de acceso previstas y llevar a cabo un inicio de sesi\u00f3n introduciendo una contrase\u00f1a caducada." 
} ], "id": "CVE-2015-5017", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-01-03T05:59:03.897", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969052" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969052" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-05-26 16:55
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "9C548662-04F7-49DD-B4B4-8C6DDA5DF7AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "2E15FC98-D8AB-4D9C-9842-85138A2FECF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "250FC595-3DB0-4860-9FF1-AC0215A9D3C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "805706EB-A82E-465D-BB3F-33AD6415FB89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "186498FC-A8BD-4EA3-96C7-1A21983BB2BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "396F80FF-BD2E-46A4-8A44-21CC35F42E12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "69534F90-265A-4313-951D-D0A52AEF9C1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "67A0292F-FDFE-42A6-92FC-F26596C4D23C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "E8D102E6-18FF-4BC7-83BC-77946101864C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1227364D-5BF3-4F7D-A4BA-22DE823A5C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "8506BB5F-F390-4981-A5D5-FAEF9F410172", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "63EA5235-E946-487D-A875-537B87B2638E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "0CC0184C-0593-4C37-AC63-5B09FD21B3B1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": 
"8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter." 
}, { "lang": "es", "value": "Vulnerabilidad de XSS en openreport.jsp en IBM Maximo Asset Management 7.x anterior a 7.1.1.12 IFIX.20140321-1336 y 7.5.x anterior a 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 y Tivoli IT Asset Management For IT, Tivoli Service Request Manager, Maximo Service Desk y Change And Configuration Management Database (CCMDB) 7.x anterior a 7.1.1.12 IFIX.20140218-1510 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un par\u00e1metro report manipulado." } ], "id": "CVE-2014-0825", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-05-26T16:55:03.130", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53362" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53362" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/90501" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
Severity: 4.3 MEDIUM (CVSS v2.0, AV:N/AC:M/Au:N/C:N/I:P/A:N; NVD primary score, user interaction required)
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | change_and_configuration_management_database | 6.0 | |
ibm | change_and_configuration_management_database | 7.0 | |
ibm | maximo_asset_management | 6.2.0.0 | |
ibm | maximo_asset_management | 7.1.0.0 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_service_desk | 6.2 | |
ibm | smartcloud_control_desk | 7.0 | |
ibm | tivoli_asset_management_for_it | 6.0 | |
ibm | tivoli_asset_management_for_it | 6.2 | |
ibm | tivoli_asset_management_for_it | 7.0 | |
ibm | tivoli_asset_management_for_it | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.2 | |
ibm | tivoli_service_request_manager | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "789E00F7-D6CD-4F8C-B785-CB17DB11AEDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0265899D-68B5-4C15-997E-28F485D8B9D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management 6.2 a 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Tivoli Asset Management for IT, Tivoli Service Request, Informaci\u00f3n Maximo Service, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2012-3313", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-09-10T17:55:01.507", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV15530" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77787" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV15530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77787" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-05-26 16:55
Modified
2025-04-12 10:46
Severity: 3.5 LOW (CVSS v2.0, AV:N/AC:M/Au:S/C:P/I:N/A:N; NVD primary score)
Summary
IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and read communication logs associated with unrelated records, via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management | 7.1.1.9 | |
ibm | maximo_asset_management | 7.1.1.10 | |
ibm | maximo_asset_management | 7.1.1.11 | |
ibm | maximo_asset_management | 7.1.1.12 | |
ibm | maximo_asset_management | 7.1.2 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 | |
ibm | maximo_asset_management | 7.5.0.3 | |
ibm | maximo_asset_management | 7.5.0.4 | |
ibm | maximo_asset_management | 7.5.0.5 | |
ibm | smartcloud_control_desk | 7.0 | |
ibm | smartcloud_control_desk | 7.5 | |
ibm | smartcloud_control_desk | 7.5.0.0 | |
ibm | smartcloud_control_desk | 7.5.0.1 | |
ibm | smartcloud_control_desk | 7.5.0.2 | |
ibm | smartcloud_control_desk | 7.5.1.0 | |
ibm | smartcloud_control_desk | 7.5.1.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and read communication logs associated with unrelated records, via unspecified vectors." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.x anterior a 7.5.0.6 y SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 permiten a usuarios remotos autenticados evadir restricciones de acceso y leer registros de comunicaci\u00f3n asociados con registros no relacionados a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2013-5460", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-05-26T16:55:02.800", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46745" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88308" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46745" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88308" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-02-22 19:29
Modified
2024-11-21 03:59
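Severity: 8.8 HIGH (CVSS v3.0, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H); 6.5 MEDIUM (CVSS v2.0, AV:N/AC:L/Au:S/C:P/I:P/A:P); NVD primary scores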
Summary
IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22013797 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/103154 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/138820 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22013797 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103154 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/138820 | VDB Entry, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.6.0.0 | |
ibm | maximo_asset_management_essentials | 7.5.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820." }, { "lang": "es", "value": "IBM Maximo Asset Management en sus versiones 7.5 y 7.6 es vulnerable a inyecci\u00f3n SQL. Un atacante remoto podr\u00eda enviar instrucciones SQL especialmente manipuladas que podr\u00edan permitir que el atacante viese, a\u00f1adiese, modificase o borrase informaci\u00f3n en la base de datos del backend. IBM X-Force ID: 138820." 
} ], "id": "CVE-2018-1414", "lastModified": "2024-11-21T03:59:46.313", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-02-22T19:29:03.217", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22013797" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103154" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138820" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22013797" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103154" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", 
"Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138820" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-10-01 11:14
Modified
2025-04-11 00:51
Severity: 6.5 MEDIUM (CVSS v2.0, AV:N/AC:L/Au:S/C:P/I:P/A:P; NVD primary score)
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 | |
ibm | maximo_asset_management | 7.5.0.3 | |
ibm | maximo_asset_management | 7.5.0.4 | |
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management | 7.1.1.9 | |
ibm | maximo_asset_management | 7.1.1.10 | |
ibm | maximo_asset_management | 7.1.1.11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en IBM Maximo Asset Management 7.1 anterior a la versi\u00f3n 7.1.1.12 y 7.5 anterior a la versi\u00f3n 7.5.0.5 permite a atacantes remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores sin especificar." 
} ], "id": "CVE-2013-3973", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-10-01T11:14:43.813", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55068" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV39184" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84850" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV39184" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84850" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-02-20 12:09
Modified
2025-04-11 00:51
Severity: LOW (CVSS v2.0 base score 3.5, AV:N/AC:M/Au:S/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a display name.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"62B69712-B405-43F4-B6E9-BC1C232A36E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.:*:*:*:*:*:*:*", "matchCriteriaId": "13CD271A-72E0-4730-A936-87B5122D9E3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2446CA6E-D316-4239-8FDC-436643EB35EA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { 
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a display name." }, { "lang": "es", "value": "Vulnerabilidad XSS en IBM Maximo Asset Management v6.2 a la v7.5, Maximo Asset Management Essentials v6.2 a la v7.5, Tivoli Asset Management para IT v6.2 a la v7.2, Tivoli Service Request Manager v7.1 y v7.2, Maximo Service Desk v6.2, Change y Configuration Management Database (CCMDB) v7.1 y v7.2, y SmartCloud Control Desk v7.5, permite a usuarios autenticados remotamente, inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores relacionados con el \"display name\"." 
} ], "id": "CVE-2012-3322", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-02-20T12:09:21.943", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23838" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77918" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23838" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77918" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-09 18:29
Modified
2025-04-20 01:37
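Severity: MEDIUM (CVSS v3.0 base score 4.3, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N; CVSS v2.0 base score 4.0)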
Summary
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22006647 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/100214 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/126684 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22006647 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100214 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/126684 | VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "C47DB9B3-C8CD-45E9-9F53-617354F3A339", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7038EBF6-E527-492B-A6A5-14F9A2F79BDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "29858665-FA68-4EDE-A0E7-6C79E8786871", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "E5B7CA3C-5F9B-45A3-80AC-F5A4E190CC37", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "7F5550B7-9133-4434-A01C-0A35E59ECDD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "9D4B8FE2-799E-4D5F-B582-49E799A3ADDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "7197C12C-5CD7-4F7D-8B38-F792FAABC1FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "1EE096D4-40A8-4FD8-905C-3B13476BF748", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "1E369397-1BC9-42E3-94AB-1CDB01D4838C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "56F90E1F-C0A0-4D6C-A497-9CC3AAF9ECB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "EF80B092-7E42-4F78-A137-015E382271F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "228B8913-D50A-4645-9519-1633D0ACA44C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A38DFC7-0B96-43F8-88EE-7F8CD29CD41B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "00F10D4F-B0A5-4E40-B3AA-47838343D8C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EB194228-212C-499F-A3C6-147B5CD89581", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "B4D2023D-F6A3-4E44-B8C3-4B694A629B01", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "48467B08-08D3-4129-9687-A0EC01920694", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A162A9A1-5FF5-47A3-BC80-9577FC8EE00A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.6.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "6C7DA64E-DAC8-4DE5-8EB7-2FCAD88A8E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.5 y 7.6 podr\u00eda permitir que un usuario autenticado manipulase \u00f3rdenes de trabajo para falsificar correos electr\u00f3nicos. Esto podr\u00eda emplearse para llevar a cabo ataques m\u00e1s avanzados. IBM X-Force ID: 126684." } ], "id": "CVE-2017-1357", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, 
"exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-09T18:29:01.497", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006647" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100214" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126684" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006647" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100214" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126684" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-01-27 05:59
Modified
2025-04-12 10:46
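Severity: MEDIUM (CVSS v3.0 base score 4.1, CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N; CVSS v2.0 base score 4.9)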
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"D2659CCD-6D04-4479-BA93-B906DC200424", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "C47DB9B3-C8CD-45E9-9F53-617354F3A339", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7038EBF6-E527-492B-A6A5-14F9A2F79BDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "7197C12C-5CD7-4F7D-8B38-F792FAABC1FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "1EE096D4-40A8-4FD8-905C-3B13476BF748", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "1E369397-1BC9-42E3-94AB-1CDB01D4838C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive 
information by leveraging administrative privileges and reading log files." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.9 IFIX002 y 7.6.0 en versiones anteriores a 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 en versiones anteriores a 7.5.0.9 IFIX002, 7.5.1 y 7.6.0 en versiones anteriores a 7.6.0.3 IFIX001 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros ciertos productos permiten a usuarios locales obtener informaci\u00f3n sensible aprovechando privilegios administrativos y leyendo archivos de registro." } ], "id": "CVE-2015-7487", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 0.5, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-01-27T05:59:01.260", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974537" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974537" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2016-9984)
Published
2017-06-13 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. IBM X-Force ID: 120276.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.5 | |
ibm | maximo_asset_management | 7.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. IBM X-Force ID: 120276." }, { "lang": "es", "value": "Maximo Asset Management versiones 7.5 y 7.6 de IBM, podr\u00eda permitir a un atacante identificado remoto ejecutar comandos arbitrarios en el sistema como administrador. ID de IBM X-Force: 120276." } ], "id": "CVE-2016-9984", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, 
"published": "2017-06-13T19:29:00.207", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21998608" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120276" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21998608" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120276" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2015-0108)
Published
2015-02-18 02:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0109.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | change_and_configuration_management_database | 7.1 | |
ibm | change_and_configuration_management_database | 7.2 | |
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management_essentials | 7.1 | |
ibm | maximo_for_government | 7.1 | |
ibm | maximo_for_life_sciences | 7.1 | |
ibm | maximo_for_nuclear_power | 7.1 | |
ibm | maximo_for_oil_and_gas | 7.1 | |
ibm | maximo_for_transportation | 7.1 | |
ibm | maximo_for_utilities | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.2 | |
ibm | tivoli_service_request_manager | 7.1 | |
ibm | tivoli_service_request_manager | 7.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0109." 
}, { "lang": "es", "value": "Vulnerabilidad de XSS en IBM Maximo Asset Management 7.1 hasta 7.1.1.8, y Maximo Asset Management 7.1 hasta 7.1.1.8 y 7.2 para Tivoli IT Asset Management para IT y ciertos otros productos, permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de vectores no especificados, una vulnerabilidad diferente a CVE-2015-0104, CVE-2015-0107, y CVE-2015-0109." } ], "id": "CVE-2015-0108", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-02-18T02:59:00.047", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99605" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99605" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2013-3048)
Published
2013-10-01 11:14
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
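Impacted products (the CPE list below has no entries for 6.2.8 or 7.1.1.12, which the summary includes in the affected range; do not rely on CPE matching alone for this record)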
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 | |
ibm | maximo_asset_management | 6.2 | |
ibm | maximo_asset_management | 6.2.1 | |
ibm | maximo_asset_management | 6.2.2 | |
ibm | maximo_asset_management | 6.2.3 | |
ibm | maximo_asset_management | 6.2.4 | |
ibm | maximo_asset_management | 6.2.5 | |
ibm | maximo_asset_management | 6.2.6 | |
ibm | maximo_asset_management | 6.2.6.1 | |
ibm | maximo_asset_management | 6.2.7 | |
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management | 7.1.1.9 | |
ibm | maximo_asset_management | 7.1.1.10 | |
ibm | maximo_asset_management | 7.1.1.11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true } 
], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 
6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de XSS en IBM Maximo Asset Management 6.2 hasta la versi\u00f3n 6.2.8, 7.1 hasta 7.1.1.12, y 7.5 anterior a la versi\u00f3n 7.5.0.3 permite a usuarios remotos autenticados inyectar script web o HTML arbitrario a trav\u00e9s de vectores sin especificar." } ], "id": "CVE-2013-3048", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-10-01T11:14:43.717", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55068" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55070" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV36375" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84845" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg1IV36375" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84845" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2016-0393)
Published
2016-07-17 22:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Maximo Asset Management 7.5 before 7.5.0.10-TIV-MBS-IFIX002 and 7.6 before 7.6.0.5-TIV-MAMMT-FP001 allows remote attackers to obtain sensitive URL information by reading log files.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 | |
ibm | maximo_asset_management | 7.5.0.3 | |
ibm | maximo_asset_management | 7.5.0.4 | |
ibm | maximo_asset_management | 7.5.0.5 | |
ibm | maximo_asset_management | 7.5.0.6 | |
ibm | maximo_asset_management | 7.5.0.7 | |
ibm | maximo_asset_management | 7.5.0.8 | |
ibm | maximo_asset_management | 7.5.0.9 | |
ibm | maximo_asset_management | 7.5.0.10 | |
ibm | maximo_asset_management | 7.6.0.0 | |
ibm | maximo_asset_management | 7.6.0.1 | |
ibm | maximo_asset_management | 7.6.0.2 | |
ibm | maximo_asset_management | 7.6.0.3 | |
ibm | maximo_asset_management | 7.6.0.4 | |
ibm | maximo_asset_management | 7.6.0.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "C47DB9B3-C8CD-45E9-9F53-617354F3A339", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7038EBF6-E527-492B-A6A5-14F9A2F79BDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "29858665-FA68-4EDE-A0E7-6C79E8786871", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "E5B7CA3C-5F9B-45A3-80AC-F5A4E190CC37", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.5 before 7.5.0.10-TIV-MBS-IFIX002 and 7.6 before 7.6.0.5-TIV-MAMMT-FP001 allows remote attackers to obtain sensitive URL information by reading log files." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.10-TIV-MBS-IFIX002 y 7.6 en versiones anteriores a 7.6.0.5-TIV-MAMMT-FP001 permite a atacantes remotos obtener informaci\u00f3n sensible de URL leyendo archivos de registro." 
} ], "id": "CVE-2016-0393", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-07-17T22:59:01.193", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986053" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/91744" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986053" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/91744" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2018-1699)
Published
2018-08-24 10:29
Modified
2024-11-21 04:00
Severity ?
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L (psirt@us.ibm.com, Secondary)
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (nvd@nist.gov, Primary)
Summary
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145968.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securityfocus.com/bid/105189 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/145968 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10725805 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105189 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/145968 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10725805 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "12CF50F5-F353-40DF-B3BB-ADC75971D265", "versionEndIncluding": "7.6.3", "versionStartIncluding": "7.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145968." }, { "lang": "es", "value": "IBM Maximo Asset Management desde la versi\u00f3n 7.6 hasta la 7.6.3 es vulnerable a inyecci\u00f3n SQL. Un atacante remoto podr\u00eda enviar instrucciones SQL especialmente manipuladas que podr\u00edan permitirle visualizar, a\u00f1adir, modificar o borrar informaci\u00f3n en la base de datos del backend. IBM X-Force ID: 145968." } ], "id": "CVE-2018-1699", "lastModified": "2024-11-21T04:00:13.367", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-24T10:29:05.787", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105189" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145968" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10725805" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105189" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145968" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10725805" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2014-3024)
Published
2014-08-29 09:55
Modified
2025-04-12 10:46
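Severity ?
6.0 (Medium) - CVSS v2 AV:N/AC:M/Au:S/C:P/I:P/A:P (nvd@nist.gov, Primary; the record below carries no CVSS v3 metric)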
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk allows remote authenticated users to hijack the authentication of arbitrary users.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | smartcloud_control_desk | 7.5.0.0 | |
ibm | smartcloud_control_desk | 7.5.0.1 | |
ibm | smartcloud_control_desk | 7.5.0.2 | |
ibm | smartcloud_control_desk | 7.5.0.3 | |
ibm | smartcloud_control_desk | 7.5.1.0 | |
ibm | smartcloud_control_desk | 7.5.1.1 | |
ibm | smartcloud_control_desk | 7.5.1.2 | |
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management | 7.1.1.9 | |
ibm | maximo_asset_management | 7.1.1.10 | |
ibm | maximo_asset_management | 7.1.1.11 | |
ibm | maximo_asset_management | 7.1.1.12 | |
ibm | maximo_asset_management | 7.1.2 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 | |
ibm | maximo_asset_management | 7.5.0.3 | |
ibm | maximo_asset_management | 7.5.0.4 | |
ibm | maximo_asset_management | 7.5.0.5 | |
ibm | maximo_asset_management | 7.5.0.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk allows remote authenticated users to hijack the authentication of arbitrary users." }, { "lang": "es", "value": "Vulnerabilidad de CSRF en IBM Maximo Asset Management 7.1 hasta 7.1.1.12 y 7.5 hasta 7.5.0.6 y Maximo Asset Management 7.5.0 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk permite a usuarios remotos autenticados secuestrar la autenticaci\u00f3n de usuarios arbitrarios." 
} ], "id": "CVE-2014-3024", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-08-29T09:55:07.713", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/60408" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56643" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679918" }, { "source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1030781" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93063" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60408" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56643" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679918" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030781" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93063" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": 
"Primary" } ] }
Vulnerability from fkie_nvd (CVE-2012-0714)
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
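Severity ?
6.8 (Medium) - CVSS v2 AV:N/AC:M/Au:N/C:P/I:P/A:P (nvd@nist.gov, Primary; the record below carries no CVSS v3 metric)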
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | change_and_configuration_management_database | 6.0 | |
ibm | change_and_configuration_management_database | 7.0 | |
ibm | maximo_asset_management | 6.2.0.0 | |
ibm | maximo_asset_management | 7.1.0.0 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_service_desk | 6.2 | |
ibm | smartcloud_control_desk | 7.0 | |
ibm | tivoli_asset_management_for_it | 6.0 | |
ibm | tivoli_asset_management_for_it | 6.2 | |
ibm | tivoli_asset_management_for_it | 7.0 | |
ibm | tivoli_asset_management_for_it | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.2 | |
ibm | tivoli_service_request_manager | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "789E00F7-D6CD-4F8C-B785-CB17DB11AEDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0265899D-68B5-4C15-997E-28F485D8B9D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." }, { "lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de peticiones en sitios cruzados (CSRF) en IBM Maximo Asset Management 6.2 a 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Gesti\u00f3n de Activos de TI de Tivoli, Tivoli Service Request, Informaci\u00f3n Maximo Service, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite a atacantes remotos secuestrar la autenticaci\u00f3n de las v\u00edctimas a trav\u00e9s de vectores no especificados desconocidos." 
} ], "id": "CVE-2012-0714", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-09-10T17:55:00.977", "references": [ { "source": "psirt@us.ibm.com", "url": "http://osvdb.org/85179" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16085" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16497" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73534" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/85179" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16497" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/73534" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2025-2987)
Published
2025-04-22 00:15
Modified
2025-08-13 00:44
Severity ?
3.8 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N (psirt@us.ibm.com, Secondary)
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N (nvd@nist.gov, Primary)
Summary
IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7231390 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6.1.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B0279056-1BD2-4CD6-86BA-DDAA6AB53C6F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.6.1.3 es vulnerable a server-side request forgery (SSRF). Esto podr\u00eda permitir que un atacante autenticado env\u00ede solicitudes no autorizadas desde el sistema, lo que podr\u00eda provocar la enumeraci\u00f3n de la red o facilitar otros ataques." } ], "id": "CVE-2025-2987", "lastModified": "2025-08-13T00:44:45.730", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 2.5, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-04-22T00:15:13.747", "references": [ { "source": "psirt@us.ibm.com", 
"tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7231390" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2023-32334)
Published
2023-06-05 01:15
Modified
2024-11-21 08:03
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N (psirt@us.ibm.com, Secondary)
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (nvd@nist.gov, Primary)
Summary
IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255074.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/255074 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6999721 | Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6999747 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/255074 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6999721 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6999747 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_application_suite | 8.8.0 | |
ibm | maximo_asset_management | 7.6.1.2 | |
ibm | maximo_asset_management | 7.6.1.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_application_suite:8.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "1328EB4A-2930-4617-9B01-B704A241FDEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F9DA22B-5DD7-4551-AC7A-61949D246F5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B0279056-1BD2-4CD6-86BA-DDAA6AB53C6F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255074." }, { "lang": "es", "value": "IBM Maximo Asset Management v7.6.1.2, v7.6.1.3 e IBM Maximo Application Suite v8.8.0 almacenan informaci\u00f3n confidencial en par\u00e1metros de URL. Esto puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n si partes no autorizadas tienen acceso a las URL a trav\u00e9s de los registros del servidor, el encabezado de referencia o el historial del navegador. IBM X-Force ID: 255074. 
" } ], "id": "CVE-2023-32334", "lastModified": "2024-11-21T08:03:08.187", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-06-05T01:15:45.960", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/255074" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6999721" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6999747" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/255074" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6999721" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6999747" } ], "sourceIdentifier": "psirt@us.ibm.com", 
"vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-07-30 11:15
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:*:*:*:*:*:*:*:*", "matchCriteriaId": "71F456DA-8995-43E2-91A0-B20B070F26A0", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:*:*:*:*:*:*:*:*", "matchCriteriaId": "106F6572-D362-4040-A878-67B2ACCEA161", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:*:*:*:*:*:*:*:*", "matchCriteriaId": "084AF336-B44B-4B4C-86AB-82197C9410D1", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF5E8225-885D-4FB8-9706-97D559DDF4CF", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*", 
"matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:*:*:*:*:*:*:*:*", "matchCriteriaId": "271DF14A-0466-4ACF-B4CE-A5AAC7E0F9A5", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F350C06-CF48-43FE-BDB3-1F1E31332E25", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"2F780ADF-3151-4B2C-98B9-7FFD0DB47A57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A202F4B-6814-4F85-837C-1655D316ADC0", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:*:*:*:*:*:*:*:*", "matchCriteriaId": "882C1071-A3C3-4CD6-905B-9D8E32A37120", "versionEndIncluding": "6.2.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEA6D104-64DA-47CE-A0CB-589C93A0B3DC", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A204032-17C7-4617-AB29-589903A2B9C3", "versionEndIncluding": "6.2.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en IBM Maximo Asset Management 6.2 hasta 6.2.8, 6.x y 7.1 hasta 7.1.1.2 y 7.5 hasta 7.5.0.6; Maximo Asset Management 7.5 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk; y Maximo Asset Management 6.2 hasta 6.2.8, 7.1 hasta 7.1.1.2 y 7.2 para Tivoli Asset Management for IT y ciertos otros productos permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de entradas no especificadas en un fichero .jsp bajo webclient/utility/." 
} ], "id": "CVE-2014-3025", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-07-30T11:15:33.380", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/59570" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/59640" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59570" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59640" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": 
"Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-10-01 11:14
Modified
2025-04-11 00:51
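Severity ?
7.5 (High) - CVSS v2.0 AV:N/AC:L/Au:N/C:P/I:P/A:P (nvd@nist.gov, Primary; the record also sets acInsufInfo: true, i.e. it was scored with insufficient information)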
Summary
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to bypass intended access restrictions via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management | 7.1.1.9 | |
ibm | maximo_asset_management | 7.1.1.10 | |
ibm | maximo_asset_management | 7.1.1.11 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 | |
ibm | maximo_asset_management | 7.5.0.3 | |
ibm | maximo_asset_management | 7.5.0.4 | |
ibm | maximo_asset_management | 6.2 | |
ibm | maximo_asset_management | 6.2.1 | |
ibm | maximo_asset_management | 6.2.2 | |
ibm | maximo_asset_management | 6.2.3 | |
ibm | maximo_asset_management | 6.2.4 | |
ibm | maximo_asset_management | 6.2.5 | |
ibm | maximo_asset_management | 6.2.6 | |
ibm | maximo_asset_management | 6.2.6.1 | |
ibm | maximo_asset_management | 6.2.7 | |
ibm | maximo_asset_management | 6.2.8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to bypass intended access restrictions via unspecified vectors." }, { "lang": "es", "value": "IBM Maximo Asset Management 6.2 hasta la versi\u00f3n 6.2.8, 7.1 anterior a la versi\u00f3n 7.1.1.12, y 7.5 anterior a 7.5.0.5 permite a atacantes remotos evadir restricciones de acceso intencionadas a trav\u00e9s de vectores sin especificar." } ], "id": "CVE-2013-5395", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-10-01T11:14:44.187", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55068" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55070" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV32526" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "psirt@us.ibm.com", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/87157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV32526" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87157" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-11-11 16:15
Modified
2024-11-18 16:33
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7174818 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6.1.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B0279056-1BD2-4CD6-86BA-DDAA6AB53C6F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.6.1.3 es vulnerable a Cross Site Scripting almacenado. Esta vulnerabilidad permite a los usuarios autenticados incorporar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista y pudiendo provocar la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza." } ], "id": "CVE-2024-45088", "lastModified": "2024-11-18T16:33:34.060", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", 
"type": "Primary" } ] }, "published": "2024-11-11T16:15:14.950", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7174818" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-11-08 22:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products have a default administrator account, which makes it easier for remote authenticated users to obtain access via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": 
"C47DB9B3-C8CD-45E9-9F53-617354F3A339", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF2DAEE6-344E-471D-9508-BD4360B5EB6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "71A8F3D1-C72D-497C-8167-23A128B4AC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"B47280A1-1E0C-4D58-AB28-4E85DFEB3081", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DDC7C333-43F0-45D0-8E51-8041474FE3F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4B254C76-DB68-4FED-9E5B-11B9B595418E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1CC6AD95-18E5-48D9-A962-85854E98FD14", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"0C7E5F34-0898-467E-A148-B14078C3239C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DB7549CF-96F8-4FB2-994E-17F49D946ADF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products have a default administrator account, which makes it easier for remote authenticated users to obtain access via unspecified vectors." 
}, { "lang": "es", "value": "IBM M\u00e1ximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.9 FP009 y 7.6.0 en versiones anteriores a 7.6.0.2 IFIX001; M\u00e1ximo Asset Management 7.5.0 en versiones anteriores a 7.5.0.9 FP009, 7.5.1 y 7.6.0 en versiones anteriores a 7.6.0.2 IFIX001 para SmartCloud Control Desk; y M\u00e1ximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros ciertos productos tienen una cuenta de administrador por defecto, lo que hace m\u00e1s f\u00e1cil a usuarios remotos autenticados obtener acceso a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2015-4966", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-11-08T22:59:13.077", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968191" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-255" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-10-01 11:14
Modified
2025-04-11 00:51
Severity ?
Summary
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5383.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 6.2 | |
ibm | maximo_asset_management | 6.2.1 | |
ibm | maximo_asset_management | 6.2.2 | |
ibm | maximo_asset_management | 6.2.3 | |
ibm | maximo_asset_management | 6.2.4 | |
ibm | maximo_asset_management | 6.2.5 | |
ibm | maximo_asset_management | 6.2.6 | |
ibm | maximo_asset_management | 6.2.6.1 | |
ibm | maximo_asset_management | 6.2.7 | |
ibm | maximo_asset_management | 6.2.8 | |
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management | 7.1.1.9 | |
ibm | maximo_asset_management | 7.1.1.10 | |
ibm | maximo_asset_management | 7.1.1.11 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 | |
ibm | maximo_asset_management | 7.5.0.3 | |
ibm | maximo_asset_management | 7.5.0.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5383." }, { "lang": "es", "value": "IBM Maximo Asset Management 6.2 hasta la versi\u00f3n 6.2.8, 7.1 anterior a 7.1.1.12, y 7.5 anterior a la versi\u00f3n 7.5.0.5 permite a usuarios remotos autenticados obtener privilegios a trav\u00e9s de vectores sin especificar, una vulnerabilidad diferente a CVE-2013-5383." } ], "id": "CVE-2013-5382", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-10-01T11:14:44.123", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55068" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55070" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV40210" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86933" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV40210" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86933" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-03-14 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6.0.0 | |
ibm | maximo_asset_management | 7.6.0.1 | |
ibm | maximo_asset_management | 7.6.0.2 | |
ibm | maximo_asset_management | 7.6.0.3 | |
ibm | smartcloud_control_desk | - | |
ibm | maximo_asset_management | 7.6.0.0 | |
ibm | maximo_asset_management | 7.6.0.1 | |
ibm | maximo_asset_management | 7.6.0.2 | |
ibm | maximo_asset_management | 7.6.0.3 | |
ibm | maximo_for_government | - | |
ibm | maximo_for_life_sciences | - | |
ibm | maximo_for_nuclear_power | - | |
ibm | maximo_for_oil_and_gas | - | |
ibm | maximo_for_transportation | - | |
ibm | maximo_for_utilities | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7038EBF6-E527-492B-A6A5-14F9A2F79BDF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*", "matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7038EBF6-E527-492B-A6A5-14F9A2F79BDF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_for_government:-:*:*:*:*:*:*:*", "matchCriteriaId": "6952A03A-657B-4CE9-8C85-1EBEB6D090FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0660482-340B-4FDA-8F0A-323BE0167800", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_nuclear_power:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0E7B2B1-2746-40A4-83FC-DCEDE8B607BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:-:*:*:*:*:*:*:*", "matchCriteriaId": "55DB8F6D-F7DB-485B-80D9-368188F2E858", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:-:*:*:*:*:*:*:*", "matchCriteriaId": "537D5FEA-7809-4CB6-9D71-FC3C408B2611", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:-:*:*:*:*:*:*:*", "matchCriteriaId": "EEE303C7-7873-4754-926D-122FD45337FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.6 en versiones anteriores a 7.6.0.3 IFIX001 permite a usuarios remotos autenticados eludir las restricciones de acceso previstas y leer registros de trabajo de \u00f3rdenes de compra arbitrarios a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2016-0222", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-03-14T01:59:01.467", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976949" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976949" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-15 14:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 are vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 182436.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/182436 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6332589 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/182436 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6332589 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | * | |
ibm | maximo_asset_management | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "23F5BFFD-3CDA-4008-858E-2E4DDF67C8AF", "versionEndExcluding": "7.6.0.10", "versionStartIncluding": "7.6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBFA44BB-1524-4330-A5DF-BDA56F1CE69B", "versionEndExcluding": "7.6.1.2", "versionStartIncluding": "7.6.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 182436." }, { "lang": "es", "value": "IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, es vulnerable a un ataque de tipo cross-site request forgery, lo que podr\u00eda permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que conf\u00eda el sitio web. 
IBM X-Force ID: 182436" } ], "id": "CVE-2020-4526", "lastModified": "2024-11-21T05:32:50.863", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-15T14:15:14.520", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182436" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6332589" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182436" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6332589" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-03-13 03:12
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "5878EF6C-4C54-4BFB-A58A-DBBB96664E8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"68FF0043-7A28-4ECB-9888-6FB057A766B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "33DD3C44-B7B9-4FFF-8445-7C2C084F7DCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D4D3BE7-A7F0-431D-BB07-28DC94E8590F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "1A53DB8A-5966-4D70-A254-C098DB12B0B3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en el componente KPI de IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, y 7.5; IBM Tivoli Asset Management para IT 6.2, 7.1, y 7.2; IBM Tivoli Service Request Manager 7.1 y 7.2; IBM Maximo Service Desk 6.2; y IBM Tivoli Change y Configuration Management Database (CCMDB) 6.2, 7.1, y 7.2 permite a usuarios autenticados remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores sin especificar." 
} ], "id": "CVE-2011-4816", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-03-13T03:12:26.040", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/48299" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/48305" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09194" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/52333" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72001" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48299" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48305" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09194" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52333" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72001" } ], 
"sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-04-21 17:15
Modified
2024-11-21 06:46
Severity ?
Summary
IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224164.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/224164 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6573667 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/224164 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6573667 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6.1.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F9DA22B-5DD7-4551-AC7A-61949D246F5D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224164." }, { "lang": "es", "value": "IBM Maximo Asset Management versi\u00f3n 7.6.1.2, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista y conllevando potencialmente a una divulgaci\u00f3n de credenciales en una sesi\u00f3n confiable. IBM X-Force ID: 224164" } ], "id": "CVE-2022-22436", "lastModified": "2024-11-21T06:46:47.927", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-21T17:15:08.493", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/224164" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6573667" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/224164" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6573667" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-02-20 12:09
Modified
2025-04-11 00:51
Severity ?
Summary
IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"62B69712-B405-43F4-B6E9-BC1C232A36E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.:*:*:*:*:*:*:*", "matchCriteriaId": "13CD271A-72E0-4730-A936-87B5122D9E3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2446CA6E-D316-4239-8FDC-436643EB35EA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { 
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order." }, { "lang": "es", "value": "IBM Maximo Asset Management 6.2 a 7.5, Maximo Asset Management Essentials 6.2 a 7.5, Tivoli Asset Management for IT 6.2 a 7.2, Tivoli Service Request 7,1 y 7,2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, y SmartCloud Control Desk 7.5, permiten a usuarios remotos autenticados obtener privilegios a trav\u00e9s de vectores relacionados con una orden de trabajo." 
} ], "id": "CVE-2012-6355", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-02-20T12:09:22.473", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV30384" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80747" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV30384" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80747" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-06-06 01:29
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/156311 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10880147 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/156311 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10880147 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | control_desk | 7.6.0 | |
ibm | control_desk | 7.6.0.1 | |
ibm | control_desk | 7.6.1 | |
ibm | maximo_asset_management | 7.6 | |
ibm | maximo_for_aviation | 7.6 | |
ibm | maximo_for_aviation | 7.6.1 | |
ibm | maximo_for_aviation | 7.6.2 | |
ibm | maximo_for_aviation | 7.6.2.1 | |
ibm | maximo_for_aviation | 7.6.3 | |
ibm | maximo_for_life_sciences | 7.6 | |
ibm | maximo_for_nuclear_power | 7.6.0 | |
ibm | maximo_for_oil_and_gas | 7.6.0 | |
ibm | maximo_for_transportation | 7.6.1 | |
ibm | maximo_for_transportation | 7.6.2 | |
ibm | maximo_for_transportation | 7.6.2.1 | |
ibm | maximo_for_transportation | 7.6.2.2 | |
ibm | maximo_for_transportation | 7.6.2.3 | |
ibm | maximo_for_transportation | 7.6.2.4 | |
ibm | maximo_for_utilities | 7.6 | |
ibm | smartcloud_control_desk | - | |
ibm | tivoli_integration_composer | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:control_desk:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA7D6830-74DA-4524-8177-54CB2667A54E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"74C43D0F-3434-4A57-94D8-4E9B01B034A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*", "matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*", "matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311." }, { "lang": "es", "value": "IBM Maximo Asset Management versi\u00f3n 7.6 podr\u00eda permitir a un usuario f\u00edsico del sistema obtener informaci\u00f3n confidencial de un usuario anterior de la misma m\u00e1quina. ID de IBM X-Force: 156311." 
} ], "id": "CVE-2019-4048", "lastModified": "2024-11-21T04:43:05.247", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 0.7, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 0.7, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-06-06T01:29:00.290", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156311" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880147" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156311" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880147" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-09-12 21:29
Modified
2025-04-20 01:37
Severity ?
Summary
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user who downloads the affected file. IBM X-Force ID: 126538.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22006650 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/100697 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/126538 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22006650 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100697 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/126538 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.5 | |
ibm | maximo_asset_management | 7.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.5 y 7.6 podr\u00eda permitir que un usuario autenticado inyecte comandos en \u00f3rdenes de trabajo que podr\u00edan ser ejecutadas por otro usuario que descargue el archivo afectado. IBM X-Force ID: 126538." } ], "id": "CVE-2017-1352", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, 
"exploitabilityScore": 2.1, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-12T21:29:00.237", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006650" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100697" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126538" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22006650" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100697" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126538" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-05-12 14:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/163998 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6208436 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/163998 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6208436 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6.0.0 | |
ibm | maximo_asset_management | 7.6.1 | |
ibm | maximo_asset_management | 7.6.1.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "30EAD1D0-E949-488E-81BE-0C49C0E93757", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C5CE3F4-8ABE-4245-BD9E-8697B3E0171C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998." }, { "lang": "es", "value": "IBM Maximo Asset Management versiones 7.6.0, y 7.6.1, podr\u00eda permitir a un usuario autenticado obtener informaci\u00f3n altamente confidencial a la que no deber\u00eda tener acceso normalmente. IBM X-Force ID: 163998." 
} ], "id": "CVE-2019-4478", "lastModified": "2024-11-21T04:43:39.143", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-05-12T14:15:12.237", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163998" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6208436" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163998" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6208436" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-02-20 17:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 167289.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/167289 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/3002121 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/167289 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/3002121 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6.0.10 | |
ibm | maximo_asset_management | 7.6.1.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "8B72C1B8-D7C3-4ACB-9830-73DC861C7AC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C5CE3F4-8ABE-4245-BD9E-8697B3E0171C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 167289." }, { "lang": "es", "value": "IBM Maximo Asset Management versiones 7.6.0.10 y 7.6.1.1, podr\u00eda permitir a un usuario autenticado obtener informaci\u00f3n confidencial a partir de un rastro de la pila que podr\u00eda ser usado para ayudar en futuros ataques. ID de IBM X-Force: 167289." } ], "id": "CVE-2019-4583", "lastModified": "2024-11-21T04:43:46.227", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, 
"exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-20T17:15:12.947", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167289" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/3002121" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167289" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/3002121" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-209" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-04-05 17:59
Modified
2025-04-12 10:46
Severity ?
Summary
shiprec.xml in the SHIPREC application in IBM Maximo Asset Management 7.1 and 7.5 before 7.5.0.10 and 7.6 before 7.6.0.4 allows remote authenticated users to bypass intended item-selection restrictions via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.5 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 | |
ibm | maximo_asset_management | 7.5.0.3 | |
ibm | maximo_asset_management | 7.5.0.4 | |
ibm | maximo_asset_management | 7.5.0.5 | |
ibm | maximo_asset_management | 7.5.0.6 | |
ibm | maximo_asset_management | 7.5.0.7 | |
ibm | maximo_asset_management | 7.5.0.8 | |
ibm | maximo_asset_management | 7.5.0.9 | |
ibm | maximo_asset_management | 7.6 | |
ibm | maximo_asset_management | 7.6.0.0 | |
ibm | maximo_asset_management | 7.6.0.1 | |
ibm | maximo_asset_management | 7.6.0.2 | |
ibm | maximo_asset_management | 7.6.0.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "C47DB9B3-C8CD-45E9-9F53-617354F3A339", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7038EBF6-E527-492B-A6A5-14F9A2F79BDF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "shiprec.xml in the SHIPREC application in IBM Maximo Asset Management 7.1 and 7.5 before 7.5.0.10 and 7.6 before 7.6.0.4 allows remote authenticated users to bypass intended item-selection restrictions via unspecified vectors." }, { "lang": "es", "value": "shiprec.xml en la aplicaci\u00f3n SHIPREC en IBM Maximo Asset Management 7.1 y 7.5 en versiones anteriores a 7.5.0.10 y 7.6 en versiones anteriores a 7.6.0.4 permite a usuarios remotos autenticados eludir las restricciones destinadas a la selecci\u00f3n de elemento a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2016-0289", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-05T17:59:06.677", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979519" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979519" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-07-29 14:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181484.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/181484 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6253953 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/181484 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6253953 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6.0.1 | |
ibm | maximo_asset_management | 7.6.0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181484." }, { "lang": "es", "value": "IBM Maximo Asset Management versiones 7.6.0.1 y 7.6.0.2, es vulnerable a un ataque de Inyecci\u00f3n de XML External Entity (XXE) al procesar datos XML. Un atacante remoto podr\u00eda explotar esta vulnerabilidad para exponer informaci\u00f3n confidencial o consumir recursos de memoria. 
IBM X-Force ID: 181484" } ], "id": "CVE-2020-4463", "lastModified": "2024-11-21T05:32:45.917", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-07-29T14:15:13.020", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181484" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6253953" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181484" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6253953" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-611" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-04-21 17:15
Modified
2024-11-21 06:46
Severity ?
Summary
IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/224162 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6573669 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/224162 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6573669 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6.1.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F9DA22B-5DD7-4551-AC7A-61949D246F5D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." }, { "lang": "es", "value": "IBM Maximo Asset Management versi\u00f3n 7.6.1.2, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista y conllevando potencialmente a una divulgaci\u00f3n de credenciales en una sesi\u00f3n confiable" } ], "id": "CVE-2022-22435", "lastModified": "2024-11-21T06:46:47.807", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": 
"3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-21T17:15:08.363", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/224162" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6573669" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/224162" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6573669" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-17 14:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162887.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/162887 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10959173 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/162887 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10959173 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162887." }, { "lang": "es", "value": "IBM Maximo Asset Management versi\u00f3n 7.6 podr\u00eda permitir que un atacante remoto salte directorios en el sistema. Un atacante podr\u00eda enviar una petici\u00f3n URL especialmente dise\u00f1ada que contenga secuencias \"punto punto\" (/../) para visualizar archivos arbitrarios en el sistema. IBM X-Force ID:162887." } ], "id": "CVE-2019-4430", "lastModified": "2024-11-21T04:43:36.067", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 
1.4, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-17T14:15:12.117", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162887" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10959173" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162887" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10959173" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-16 13:29
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147003.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/147003 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=swg22017453 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/147003 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=swg22017453 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "486FC804-FE9B-463E-84AF-91886728BC88", "versionEndIncluding": "7.6.3.0", "versionStartExcluding": "7.6.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147003." }, { "lang": "es", "value": "IBM Maximo Asset Management desde la versi\u00f3n 7.6 hasta la 7.6.3 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 147003." 
} ], "id": "CVE-2018-1715", "lastModified": "2024-11-21T04:00:14.577", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-16T13:29:00.263", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147003" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=swg22017453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": 
[ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147003" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=swg22017453" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-05-03 17:59
Modified
2025-04-20 01:37
Severity ?
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22002018 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/98305 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22002018 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98305 | Broken Link |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.5 | |
ibm | maximo_asset_management | 7.6 | |
ibm | maximo_asset_management_essentials | 7.1 | |
ibm | maximo_asset_management_essentials | 7.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.1, 7.5, y 7.6 podr\u00eda permitir a un atacante remoto incluir ficheros arbitrarios. Un atacante remoto podr\u00eda enviar peticiones URL especialmente dise\u00f1adas para ejecutar c\u00f3digo arbitrario en el servidor afectado. IBM X-Force ID: 120252." 
} ], "id": "CVE-2016-9976", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-05-03T17:59:00.220", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22002018" }, { "source": "psirt@us.ibm.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/98305" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22002018" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/98305" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-12-13 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22010595 | Issue Tracking, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/102211 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/131548 | Issue Tracking, VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22010595 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102211 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/131548 | Issue Tracking, VDB Entry, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.5 | |
ibm | maximo_asset_management | 7.6 | |
ibm | maximo_asset_management_essentials | 7.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548." }, { "lang": "es", "value": "IBM Maximo Asset Management en sus versiones 7.5 y 7.6 podr\u00eda permitir que un atacante remoto lleve a cabo ataques de phishing empleando un ataque de redirecci\u00f3n abierta. Al persuadir a una v\u00edctima para que visite un sitio web especialmente manipulado, un atacante remoto podr\u00eda explotar esta vulnerabilidad para suplantar la URL mostrada y redirigir al usuario a un sitio web malicioso que, a priori, parecer\u00eda de confianza. Esto podr\u00eda permitir que el atacante obtuviese informaci\u00f3n sumamente sensible o que llevase a cabo m\u00e1s ataques contra la v\u00edctima. IBM X-Force ID: 131548." 
} ], "id": "CVE-2017-1558", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-12-13T18:29:00.317", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22010595" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102211" }, { "source": "psirt@us.ibm.com", "tags": [ "Issue Tracking", "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131548" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22010595" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102211" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131548" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-601" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-20 17:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an authenticated user to delete a record that they should not normally be able to. IBM X-Force ID: 165586.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/165586 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1108503 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/165586 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1108503 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6.0.0 | |
ibm | maximo_asset_management | 7.6.1 | |
ibm | maximo_asset_management | 7.6.1.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "30EAD1D0-E949-488E-81BE-0C49C0E93757", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C5CE3F4-8ABE-4245-BD9E-8697B3E0171C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an authenticated user to delete a record that they should not normally be able to. IBM X-Force ID: 165586." }, { "lang": "es", "value": "IBM Maximo Asset Management versiones 7.6, 7.6.1 y 7.6.1.1, podr\u00eda permitir a un usuario autenticado eliminar un registro que normalmente no deber\u00eda ser capaz de hacerlo. ID de IBM X-Force: 165586." 
} ], "id": "CVE-2019-4530", "lastModified": "2024-11-21T04:43:41.517", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-20T17:15:11.707", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165586" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1108503" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165586" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/1108503" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-04-25 12:15
Modified
2025-08-13 00:39
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N (source: psirt@us.ibm.com, Secondary)
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (source: nvd@nist.gov, Primary)
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7231785 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6.1.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B0279056-1BD2-4CD6-86BA-DDAA6AB53C6F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.6.1.3 es vulnerable a cross-site scripting almacenado. Esta vulnerabilidad permite a un usuario privilegiado incrustar c\u00f3digo JavaScript arbitrario en la interfaz web, alterando as\u00ed la funcionalidad prevista y pudiendo provocar la divulgaci\u00f3n de credenciales en una sesi\u00f3n de confianza." } ], "id": "CVE-2025-2986", "lastModified": "2025-08-13T00:39:06.453", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] 
}, "published": "2025-04-25T12:15:17.083", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7231785" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | change_and_configuration_management_database | 6.0 | |
ibm | change_and_configuration_management_database | 7.0 | |
ibm | maximo_asset_management | 7.1.0.0 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_service_desk | 6.2 | |
ibm | smartcloud_control_desk | 7.0 | |
ibm | tivoli_asset_management_for_it | 6.0 | |
ibm | tivoli_asset_management_for_it | 6.2 | |
ibm | tivoli_asset_management_for_it | 7.0 | |
ibm | tivoli_asset_management_for_it | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.2 | |
ibm | tivoli_service_request_manager | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0265899D-68B5-4C15-997E-28F485D8B9D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": true } ], "negate": 
false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en IBM Maximo Asset Management 7.1 a 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Gesti\u00f3n de Activos de TI de Tivoli, Tivoli Service Request, Informaci\u00f3n Maximo Service, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite a atacantes remotos secuestrar sesiones web a trav\u00e9s de vectores no especificados." } ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/384.html \u0027CWE-384: Session Fixation\u0027", "id": "CVE-2012-2184", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-09-10T17:55:01.413", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV19887" }, { "source": "psirt@us.ibm.com", "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75780" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV19887" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75780" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-01-02 05:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.5 | |
ibm | maximo_asset_management | 7.6 | |
ibm | maximo_asset_management_essentials | 7.5 | |
ibm | maximo_for_government | 7.5 | |
ibm | maximo_for_life_sciences | 7.5 | |
ibm | maximo_for_life_sciences | 7.6 | |
ibm | maximo_for_nuclear_power | 7.5 | |
ibm | maximo_for_oil_and_gas | 7.5 | |
ibm | maximo_for_transportation | 7.5 | |
ibm | maximo_for_utilities | 7.5 | |
ibm | smartcloud_control_desk | 7.5 | |
ibm | smartcloud_control_desk | 7.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": 
"en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." }, { "lang": "es", "value": "Vulnerabilidad de XSS en IBM Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.9 IF2 y 7.6 en versiones anteriores a 7.6.0.3 FP3 y Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.9 IF2, 7.5.1 y 7.6 en versiones anteriores a 7.6.0.3 FP3 para SmartCloud Control Desk permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada." } ], "id": "CVE-2015-7451", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-01-02T05:59:08.797", "references": [ { "source": 
"psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972423" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972423" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-26 14:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175121.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/175121 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6238376 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/175121 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6238376 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6.0.10 | |
ibm | maximo_asset_management | 7.6.1.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "8B72C1B8-D7C3-4ACB-9830-73DC861C7AC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C5CE3F4-8ABE-4245-BD9E-8697B3E0171C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175121." }, { "lang": "es", "value": "IBM Maximo Asset Management versiones 7.6.0.10 y 7.6.1.1, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo arbitrario de JavaScript en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. 
IBM X-Force ID: 175121" } ], "id": "CVE-2020-4223", "lastModified": "2024-11-21T05:32:25.230", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-26T14:15:10.713", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175121" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6238376" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175121" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6238376" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-10-04 02:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21964855 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21964855 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"B028794E-5FA0-4E3D-AC4D-A2826DD6282C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF2DAEE6-344E-471D-9508-BD4360B5EB6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "71A8F3D1-C72D-497C-8167-23A128B4AC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"B47280A1-1E0C-4D58-AB28-4E85DFEB3081", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DDC7C333-43F0-45D0-8E51-8041474FE3F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4B254C76-DB68-4FED-9E5B-11B9B595418E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1CC6AD95-18E5-48D9-A962-85854E98FD14", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"0C7E5F34-0898-467E-A148-B14078C3239C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DB7549CF-96F8-4FB2-994E-17F49D946ADF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file." 
}, { "lang": "es", "value": "IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.8 IFIX002 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x en versiones anteriores a 7.5.0.8 IFIX002 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX001 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros ciertos productos no cifran adecuadamente las contrase\u00f1as, lo que facilita a atacantes dependientes del contexto determinar contrase\u00f1as en texto plano aprovechando el acceso a un archivo de contrase\u00f1a." } ], "id": "CVE-2015-1934", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-10-04T02:59:01.660", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964855" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964855" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-04-24 06:59
Modified
2025-04-20 01:37
Summary
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21694974 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/97998 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21694974 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97998 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | change_and_configuration_management_database | 7.1 | |
ibm | change_and_configuration_management_database | 7.2 | |
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management_essentials | 7.1 | |
ibm | maximo_for_government | 7.1 | |
ibm | maximo_for_life_sciences | 7.1 | |
ibm | maximo_for_nuclear_power | 7.1 | |
ibm | maximo_for_oil_and_gas | 7.1 | |
ibm | maximo_for_transportation | 7.1 | |
ibm | maximo_for_utilities | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.2 | |
ibm | tivoli_service_request_manager | 7.1 | |
ibm | tivoli_service_request_manager | 7.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors." 
}, { "lang": "es", "value": "IBM Tivoli IT Asset Management para IT, Tivoli Service Request Manager, y Change y Configuration Management Database 7.1 en versiones hasta 7.1.1.8 y 7.2 y Maximo Asset Management y Maximo Industry Solutions 7.1 en versiones hasta 7.1.1.8, 7.5 en versiones anteriores a 7.5.0.7 IFIX003, y 7.6 en versiones anteriores a 7.6.0.0 IFIX002 permite a los usuarios autenticados remotos realizar ataques de desplazamiento de directorios a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2015-0107", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-24T06:59:00.413", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97998" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97998" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-02-14 15:29
Modified
2024-11-21 03:21
Summary
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22012781 | Patch, Vendor Advisory | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/129106 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22012781 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/129106 | VDB Entry, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.6.0.0 | |
ibm | maximo_asset_management_essentials | 7.5.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106." }, { "lang": "es", "value": "IBM Maximo Asset Management versiones 7.5 y 7.6 podr\u00eda permitir que un atacante remoto incluya archivos arbitrarios y, como consecuencia, ejecute c\u00f3digo en el servidor Web vulnerable. IBM X-Force ID: 129106." 
} ], "id": "CVE-2017-1499", "lastModified": "2024-11-21T03:21:58.850", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-02-14T15:29:00.207", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012781" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012781" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129106" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-434" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-10-06 01:59
Modified
2025-04-12 10:46
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21963973 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21963973 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"B028794E-5FA0-4E3D-AC4D-A2826DD6282C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF2DAEE6-344E-471D-9508-BD4360B5EB6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "71A8F3D1-C72D-497C-8167-23A128B4AC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"B47280A1-1E0C-4D58-AB28-4E85DFEB3081", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DDC7C333-43F0-45D0-8E51-8041474FE3F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4B254C76-DB68-4FED-9E5B-11B9B595418E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1CC6AD95-18E5-48D9-A962-85854E98FD14", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"0C7E5F34-0898-467E-A148-B14078C3239C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DB7549CF-96F8-4FB2-994E-17F49D946ADF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." 
}, { "lang": "es", "value": "Vulnerabilidad de XSS en IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.8 IFIX003 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x en versiones anteriores a 7.5.0.8 IFIX003 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX001 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros ciertos productos permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada." } ], "id": "CVE-2015-4944", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-10-06T01:59:09.313", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963973" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963973" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-10-01 11:14
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management | 7.1.1.9 | |
ibm | maximo_asset_management | 7.1.1.10 | |
ibm | maximo_asset_management | 7.1.1.11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 allows remote attackers to 
execute arbitrary SQL commands via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en IBM Maximo Asset Management 7.1 anterior a la versi\u00f3n 7.1.1.12 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores sin especificar." } ], "id": "CVE-2013-4017", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-10-01T11:14:43.890", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55068" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV42682" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85794" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV42682" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85794" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", 
"weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-02-01 20:59
Modified
2025-04-20 01:37
Severity ?
Summary
IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21991893 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/94355 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21991893 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94355 | Third Party Advisory, VDB Entry |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:-:*:*:*:*:*:*:*", "matchCriteriaId": "3823051F-FD38-4874-8692-9744B82E65A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0660482-340B-4FDA-8F0A-323BE0167800", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0E7B2B1-2746-40A4-83FC-DCEDE8B607BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:-:*:*:*:*:*:*:*", "matchCriteriaId": "55DB8F6D-F7DB-485B-80D9-368188F2E858", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:-:*:*:*:*:*:*:*", "matchCriteriaId": "537D5FEA-7809-4CB6-9D71-FC3C408B2611", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:-:*:*:*:*:*:*:*", "matchCriteriaId": "EEE303C7-7873-4754-926D-122FD45337FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*", "matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:-:*:*:*:*:*:*:*", "matchCriteriaId": "54804AB9-79D4-45F8-98A3-B7D441849321", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:-:*:*:*:*:*:*:*", "matchCriteriaId": "82C3D17D-CAA1-4ACE-9FF1-76FC9735ED67", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*", "matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "57A2B9AC-D5F8-4143-B1A5-4E26CCBCB3E2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": 
[ { "lang": "en", "value": "IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." }, { "lang": "es", "value": "IBM Maximo Asset Management es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar c\u00f3digo JavaScript arbitrario en la IU Web alterando as\u00ed la funcionalidad prevista que potencialmente conduce a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza." } ], "id": "CVE-2016-6072", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-02-01T20:59:02.177", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21991893" }, { "source": 
"psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94355" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21991893" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94355" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-07-02 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.9 IFIX007, and 7.6 before 7.6.0.5 FP005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "F919705D-1394-4443-BE46-117F41A38D87", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.9:*:*:*:*:*:*:*", "matchCriteriaId": 
"C47DB9B3-C8CD-45E9-9F53-617354F3A339", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "29858665-FA68-4EDE-A0E7-6C79E8786871", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "E5B7CA3C-5F9B-45A3-80AC-F5A4E190CC37", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.9 IFIX007, and 7.6 before 7.6.0.5 FP005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." }, { "lang": "es", "value": "Vulnerabilidad de XSS en IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5 en versiones anteriores a 7.5.0.9 IFIX007 y 7.6 en versiones anteriores a 7.6.0.5 FP005 permite a usuarios remotos autenticados inyectar secuencia de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada." 
} ], "id": "CVE-2016-0399", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-07-02T14:59:04.193", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984134" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984134" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-08-26 18:15
Modified
2024-11-21 07:11
Severity ?
Summary
IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231116.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/231116 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6615273 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/231116 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6615273 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6.1.1 | |
ibm | maximo_asset_management | 7.6.1.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C5CE3F4-8ABE-4245-BD9E-8697B3E0171C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F9DA22B-5DD7-4551-AC7A-61949D246F5D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231116." }, { "lang": "es", "value": "IBM Maximo Asset Management versi\u00f3n 7.6.1, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista y conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. IBM X-Force ID: 231116." 
} ], "id": "CVE-2022-35714", "lastModified": "2024-11-21T07:11:32.383", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-08-26T18:15:09.127", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/231116" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6615273" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/231116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6615273" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-02-17 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "397FB717-6568-4037-8D7F-D31CF18E0782", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset 
Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en un formulario web no especificado en IBM Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.5.0 anterior a 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk, y Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y ciertos otros productos permite a usuarios remotos autenticados leer ficheros arbitrarios a trav\u00e9s de un .. (punto punto) en un nombre de ruta." } ], "id": "CVE-2014-6194", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-02-17T01:59:01.317", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694035" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98605" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694035" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98605" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-02-20 12:09
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a uisessionid.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management_essentials | 7.5.0.0 | |
ibm | smartcloud_control_desk | 7.5.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a uisessionid." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management v7.5, Maximo Asset Management Essentials v7.5, y SmartCloud Control Desk v7.5 que permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores relacionados con un identificador de sesi\u00f3n de la interfaz de usuario (uisessionid)." 
} ], "id": "CVE-2013-0457", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-02-20T12:09:22.630", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20590" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20590" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81011" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-05-26 16:55
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging membership in two security groups.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management | 7.1.1.9 | |
ibm | maximo_asset_management | 7.1.1.10 | |
ibm | maximo_asset_management | 7.1.1.11 | |
ibm | maximo_asset_management | 7.1.1.12 | |
ibm | maximo_asset_management | 7.1.2 | |
ibm | smartcloud_control_desk | 7.0 | |
ibm | smartcloud_control_desk | 7.5 | |
ibm | smartcloud_control_desk | 7.5.0.0 | |
ibm | smartcloud_control_desk | 7.5.0.1 | |
ibm | smartcloud_control_desk | 7.5.0.2 | |
ibm | smartcloud_control_desk | 7.5.0.3 | |
ibm | smartcloud_control_desk | 7.5.1.0 | |
ibm | smartcloud_control_desk | 7.5.1.1 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 | |
ibm | maximo_asset_management | 7.5.0.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging membership in two security groups." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.x anterior a 7.5.0.3 IFIX027 y SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 permiten a usuarios remotos autenticados ganar privilegios mediante el aprovechamiento de la pertenencia a dos grupos de seguridad." } ], "id": "CVE-2014-0849", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-05-26T16:55:03.190", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53952" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90738" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53952" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90738" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-03-27 17:29
Modified
2024-11-21 02:32
Severity ?
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21971160 | Patch, Vendor Advisory | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/106460 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21971160 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/106460 | VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "7759191C-5D16-4937-BC80-5A47FE4F9DD1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36", "vulnerable": true } ], "negate": false, 
"operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "33E903B1-43FE-4120-95E1-2108B630D49B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:control_desk:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "6282F8E2-9EFD-4CBE-8732-22659413B149", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. 
IBM X-Force ID: 106460." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.1, 7.5 y 7.6; Maximo Asset Management Essentials 7.1 y 7.5; Control Desk 7.5 y 7.6; Tivoli Asset Management for IT 7.1 y 7.2; as\u00ed como otros productos de IBM permiten que usuarios autenticados remotos omitan las restricciones de acceso previstas y lean entradas del registro de tareas de tickets arbitrarias mediante vectores sin especificar. IBM X-Force ID: 106460." } ], "id": "CVE-2015-5016", "lastModified": "2024-11-21T02:32:11.047", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-03-27T17:29:00.337", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-05-26 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22003413 | Patch, Vendor Advisory | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/125152 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22003413 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/125152 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.5 | |
ibm | maximo_asset_management | 7.6 | |
ibm | maximo_asset_management_essentials | 7.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152." }, { "lang": "es", "value": "Maximo Asset Management versiones 7.5 y 7.6 de IBM, es vulnerable a ataques de divisi\u00f3n de respuestas HTTP. Un atacante remoto podr\u00eda explotar esta vulnerabilidad usando una URL especialmente dise\u00f1ada para causar que el servidor devuelva una respuesta dividida, una vez que se haga clic en la URL. Esto permitir\u00eda al atacante realizar nuevos ataques, como envenenamiento de cach\u00e9 web, cross-Site scripting y, posiblemente, obtener informaci\u00f3n confidencial. ID de IBM X-Force: 125152." 
} ], "id": "CVE-2017-1291", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-05-26T16:29:00.163", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22003413" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125152" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22003413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125152" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-06 14:29
Modified
2024-11-21 03:59
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securityfocus.com/bid/105023 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/142290 | VDB Entry | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=swg22017450 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105023 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/142290 | VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=swg22017450 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | * | |
ibm | maximo_for_aviation | 7.6.0.0 | |
ibm | maximo_for_aviation | 7.6.1.0 | |
ibm | maximo_for_aviation | 7.6.2.0 | |
ibm | maximo_for_aviation | 7.6.2.1 | |
ibm | maximo_for_aviation | 7.6.3.0 | |
ibm | maximo_for_life_sciences | 7.6.0.0 | |
ibm | maximo_for_nuclear_power | 7.6.0.0 | |
ibm | maximo_for_oil_and_gas | 7.6.0.0 | |
ibm | maximo_for_transportation | 7.6.1.0 | |
ibm | maximo_for_transportation | 7.6.2.0 | |
ibm | maximo_for_transportation | 7.6.2.1 | |
ibm | maximo_for_transportation | 7.6.2.2 | |
ibm | maximo_for_transportation | 7.6.2.3 | |
ibm | maximo_for_transportation | 7.6.2.4 | |
ibm | maximo_for_utilities | 7.6.0.0 | |
ibm | smartcloud_control_desk | 7.6.0.0 | |
ibm | smartcloud_control_desk | 7.6.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DCFD28A-B0AD-4FA5-9774-A92220F29970", "versionEndIncluding": "7.6.3.0", "versionStartIncluding": "7.6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "60F3899C-18C5-4A64-92EC-83C73EBEE057", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "95583119-EC0D-4C54-BDA3-8E02A2466870", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "305E7DA7-1E2E-407A-9362-CF57C0D4AD6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "B780FAB9-B58D-4622-B2B4-97662B9421CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BBA93D8B-45B2-445C-85CB-FB594D1746F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1F39E45D-3415-45E2-9852-46C0AA109B72", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A651E3E5-5A2C-468E-B686-662DDC162644", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B428BE8-BDFF-488A-91E8-E70613589640", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1FCC6013-BE3C-4C7D-BA7A-49529F0697C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "EB777BBB-7969-4D0D-89A6-C0E2FC9B2569", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "800B9C4C-70D7-4E3D-86BD-1855B14910F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "54B1037D-F4D1-4CD6-BBD7-6E72EB4A1620", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290." }, { "lang": "es", "value": "IBM Maximo Asset Management, desde la versi\u00f3n 7.6 hasta la 7.6.3, podr\u00eda permitir que un usuario autenticado obtenga informaci\u00f3n sensible desde la API WhoAmI. IBM X-Force ID: 142290." 
} ], "id": "CVE-2018-1528", "lastModified": "2024-11-21T03:59:57.927", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-06T14:29:00.653", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105023" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142290" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"https://www.ibm.com/support/docview.wss?uid=swg22017450" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142290" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=swg22017450" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-10-01 11:14
Modified
2025-04-11 00:51
Severity ?
Summary
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management | 7.1.1.9 | |
ibm | maximo_asset_management | 7.1.1.10 | |
ibm | maximo_asset_management | 7.1.1.11 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 | |
ibm | maximo_asset_management | 7.5.0.3 | |
ibm | maximo_asset_management | 7.5.0.4 | |
ibm | maximo_asset_management | 6.2 | |
ibm | maximo_asset_management | 6.2.1 | |
ibm | maximo_asset_management | 6.2.2 | |
ibm | maximo_asset_management | 6.2.3 | |
ibm | maximo_asset_management | 6.2.4 | |
ibm | maximo_asset_management | 6.2.5 | |
ibm | maximo_asset_management | 6.2.6 | |
ibm | maximo_asset_management | 6.2.6.1 | |
ibm | maximo_asset_management | 6.2.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors." }, { "lang": "es", "value": "IBM Maximo Asset Management 6.2 hasta la versi\u00f3n 6.2.8, 7.1 anterior a 7.1.1.12, y 7.5 anterior a la versi\u00f3n 7.5.0.5 permite a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s de vectores sin especificar." } ], "id": "CVE-2013-4018", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-10-01T11:14:43.907", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55068" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55070" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV42684" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85795" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://secunia.com/advisories/55068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV42684" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85795" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-04-17 14:15
Modified
2024-11-21 04:44
Severity ?
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/173308 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6193479 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/173308 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6193479 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:control_desk:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA7D6830-74DA-4524-8177-54CB2667A54E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:control_desk:7.6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "CE7C8399-A024-45CE-A2CD-658A2D99ABDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "830412EF-C21D-4455-9396-06222B32F61E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "6B9EA821-8DC7-4D08-B516-CA8D0692DD29", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "31FDF238-C29E-4F15-AB54-C90226BC0A69", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_health_insights:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA8E3FBA-9DBB-487E-99AD-5E1119150D73", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_health_insights:7.6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B4989C34-4B4E-4E53-A13E-13667DCBB19D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C5CE3F4-8ABE-4245-BD9E-8697B3E0171C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "DDD061C9-2D80-48CF-B660-68948B03F3C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "28402BF3-15EC-41F5-AD53-EC196CF3F345", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "81A99155-0D86-4998-AC74-2FECE3AF277F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "69E511EF-7DE6-42CA-848C-E0FF2D04AB19", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5021AA5-A4D4-4E5F-85A8-CFF038EBD9F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "B80B0192-3ECE-4B44-B060-F6CE54A744C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_calibration:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "768BB000-6ED2-4289-8BCA-66981EC95BB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_enterprise_adapter:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "A2A20FB3-C352-4F5C-BD5A-5814BBA837DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_enterprise_adapter:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8C2AB76-29C5-46BD-ABAD-37913D3A4675", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_equipment_maintenance_assistant:-:*:*:*:*:*:*:*", "matchCriteriaId": "FEED2F57-E98D-479E-8303-2188AFA0C70B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "4317DA0E-678D-468F-8BE4-8BA20C01C588", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "5DB202BE-FF6E-49AC-84FF-F454361E5D4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "C05DA047-26F7-413E-8259-5F88C08AE2B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "532219AE-9F4D-49B0-A625-A690C9E8A7DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "160EE7B0-4F54-41F7-9266-C22776783BA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "19405179-FDEF-4207-B12F-C39D49B49F12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "9FBE6121-5166-4C7A-B4BA-4D5F46720EC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "F66129CF-729D-4120-912E-E8109CF1E237", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "1BDF6664-537E-4CF8-9CCA-7C4746DE9B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F416A57-7B00-411D-B2D5-5BCB434568DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "73EEADC8-01D0-4D80-83E4-1643603485CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "45C84F5F-C612-4A0A-AD91-A4335496E934", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C32832CB-63FC-4F9E-81A4-3A8CE2F98319", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D23F86AC-2C39-42DC-83EF-3BA2DBF99A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_network_on_blockchain:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0E6CFC29-9FD2-4BE5-9A66-6FA6F94C0D7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_network_on_blockchain:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9BC0DF05-9B84-45B8-924E-E4CB672F7C45", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1D799591-F5D0-4B17-AE32-ABED616A65AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "095BBF20-1C8F-4FBC-8D72-3A3DB5A3F68F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F0B3B2C5-E8D0-48A1-9837-40A627D7E742", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8E59EA84-F607-404B-A392-7D68C5672B1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "797807D9-2137-414A-BB28-46DBC0288161", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:7.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8708C64F-7940-46E7-94FB-1D1CF3B864B1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308." }, { "lang": "es", "value": "IBM Maximo Asset Management versi\u00f3n 7.6, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista, conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. IBM X-Force ID: 173308." 
} ], "id": "CVE-2019-4749", "lastModified": "2024-11-21T04:44:06.040", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-04-17T14:15:17.957", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173308" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6193479" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173308" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6193479" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-03-02 21:15
Modified
2024-11-21 07:11
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230958.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/230958 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6959353 | Patch, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6959355 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/230958 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6959353 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6959355 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_application_suite | 8.8.0 | |
ibm | maximo_application_suite | 8.9.0 | |
ibm | maximo_asset_management | 7.6.1.1 | |
ibm | maximo_asset_management | 7.6.1.2 | |
ibm | maximo_asset_management | 7.6.1.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_application_suite:8.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "1328EB4A-2930-4617-9B01-B704A241FDEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_application_suite:8.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B1D96505-30A8-4645-B15F-09DE986BF730", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C5CE3F4-8ABE-4245-BD9E-8697B3E0171C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F9DA22B-5DD7-4551-AC7A-61949D246F5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B0279056-1BD2-4CD6-86BA-DDAA6AB53C6F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230958." 
} ], "id": "CVE-2022-35645", "lastModified": "2024-11-21T07:11:25.570", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-02T21:15:10.140", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230958" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6959353" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6959355" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230958" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6959353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6959355" } ], "sourceIdentifier": "psirt@us.ibm.com", 
"vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "psirt@us.ibm.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-15 14:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by unsafe deserialization in Java. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 182396.
References
▶ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/182396 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6332587 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/182396 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6332587 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | * | |
ibm | maximo_asset_management | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "23F5BFFD-3CDA-4008-858E-2E4DDF67C8AF", "versionEndExcluding": "7.6.0.10", "versionStartIncluding": "7.6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBFA44BB-1524-4330-A5DF-BDA56F1CE69B", "versionEndExcluding": "7.6.1.2", "versionStartIncluding": "7.6.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 182396." }, { "lang": "es", "value": "IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, podr\u00eda permitir a un atacante autenticado remoto ejecutar c\u00f3digo arbitrario en el sistema, causado por una deserializaci\u00f3n no segura en Java. Al enviar una petici\u00f3n especialmente dise\u00f1ada, un atacante podr\u00eda explotar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el sistema. 
IBM X-Force ID: 182396" } ], "id": "CVE-2020-4521", "lastModified": "2024-11-21T05:32:50.383", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-15T14:15:14.427", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182396" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6332587" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182396" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6332587" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-502" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-06-07 17:29
Modified
2025-04-20 01:37
Severity: 8.8 HIGH (CVSS 3.0, nvd@nist.gov, Primary); 6.5 MEDIUM (CVSS 2.0, nvd@nist.gov, Primary)
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 120253.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22003981 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/98786 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/120253 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22003981 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98786 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/120253 | VDB Entry, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.5 | |
ibm | maximo_asset_management | 7.6 | |
ibm | maximo_asset_management_essentials | 7.1 | |
ibm | maximo_asset_management_essentials | 7.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user\u0027s session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user\u0027s session. IBM X-Force ID: 120253." }, { "lang": "es", "value": "Maximo Asset Management versiones 7.1, 7.5 y 7.6 de IBM, podr\u00eda permitir a un atacante remoto secuestrar la sesi\u00f3n de usuario, causado por un fallo para invalidar un identificador de sesi\u00f3n existente. Un atacante podr\u00eda explotar esta vulnerabilidad para conseguir acceso a la sesi\u00f3n de otro usuario. ID de IBM X-Force: 120253." 
} ], "id": "CVE-2016-9977", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-07T17:29:00.677", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22003981" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98786" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22003981" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98786" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", 
"Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-05-19 20:15
Modified
2024-11-21 05:46
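Severity: 5.4 MEDIUM (CVSS 3.1, nvd@nist.gov, Primary); 6.5 MEDIUM (CVSS 3.0, psirt@us.ibm.com, Secondary); 3.5 LOW (CVSS 2.0, nvd@nist.gov, Primary)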
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195522.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/195522 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6454205 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/195522 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6454205 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.6.0 | |
ibm | maximo_asset_management | 7.6.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E0CA9420-81DA-46BA-9E9D-839E226C868F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "30EAD1D0-E949-488E-81BE-0C49C0E93757", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195522." }, { "lang": "es", "value": "IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, es vulnerable a ataques de tipo cross-site scripting almacenado.\u0026#xa0;Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 195522" } ], "id": "CVE-2021-20374", "lastModified": "2024-11-21T05:46:29.220", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", 
"baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-05-19T20:15:07.310", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195522" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6454205" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195522" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6454205" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-10-01 11:14
Modified
2025-04-11 00:51
Severity: 4.0 MEDIUM (CVSS 2.0, nvd@nist.gov, Primary)
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3049.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management | 7.1.1.9 | |
ibm | maximo_asset_management | 7.1.1.10 | |
ibm | maximo_asset_management | 7.1.1.11 | |
ibm | maximo_asset_management | 7.1.1.12 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 | |
ibm | maximo_asset_management | 7.5.0.3 | |
ibm | maximo_asset_management | 7.5.0.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ 
{ "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3049." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.12 y 7.5 anterior a 7.5.0.5 permite a usuarios remotos autenticados evitar restricciones de acceso intencionadas a trav\u00e9s de vectores sin especificar, una vulnerabilidad diferente a CVE-2013-3049." 
} ], "id": "CVE-2013-3971", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-10-01T11:14:43.767", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55068" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV37459" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84848" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV37459" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84848" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-10-06 01:59
Modified
2025-04-12 10:46
Severity: 6.5 MEDIUM (CVSS 2.0, nvd@nist.gov, Primary)
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21966181 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21966181 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"B028794E-5FA0-4E3D-AC4D-A2826DD6282C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF2DAEE6-344E-471D-9508-BD4360B5EB6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "71A8F3D1-C72D-497C-8167-23A128B4AC6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"B47280A1-1E0C-4D58-AB28-4E85DFEB3081", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DDC7C333-43F0-45D0-8E51-8041474FE3F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4B254C76-DB68-4FED-9E5B-11B9B595418E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1CC6AD95-18E5-48D9-A962-85854E98FD14", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"0C7E5F34-0898-467E-A148-B14078C3239C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "DB7549CF-96F8-4FB2-994E-17F49D946ADF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." 
}, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.8 IFIX004 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x en versiones anteriores a 7.5.0.8 IFIX004 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX002 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management para IT y otros ciertos productos permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2015-4967", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-10-06T01:59:12.640", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966181" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2014-4765)
Published
2014-10-02 00:55
Modified
2025-04-12 10:46
Severity
MEDIUM (CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:P/I:N/A:N)
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "397FB717-6568-4037-8D7F-D31CF18E0782", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud 
Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message." }, { "lang": "es", "value": "IBM Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.5 hasta 7.5.0.6, Maximo Asset Management 7.5.0 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk, y Maximo Asset Management 7.1 y 7.2 para Tivoli IT Asset Management for IT y ciertos otros productos permiten a atacantes remotos obtener informaci\u00f3n sensible de directorios mediante la lectura de un mensaje de error no especificado." } ], "id": "CVE-2014-4765", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-10-02T00:55:03.763", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685289" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94757" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685289" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94757" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { 
"lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2013-4020)
Published
2013-10-01 11:14
Modified
2025-04-11 00:51
Severity
MEDIUM (CVSS v2.0 base score 4.0, AV:N/AC:L/Au:S/C:P/I:N/A:N)
Summary
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
References
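Impacted products
Note: the CPE entries below cover 6.2 to 6.2.7, 7.1 to 7.1.1.11 and 7.5.0.0 to 7.5.0.2. Releases 6.2.8 and 7.1.1.12 are named in the summary but have no CPE entry, so a CPE-only match will not flag them.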
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 | |
ibm | maximo_asset_management | 6.2 | |
ibm | maximo_asset_management | 6.2.1 | |
ibm | maximo_asset_management | 6.2.2 | |
ibm | maximo_asset_management | 6.2.3 | |
ibm | maximo_asset_management | 6.2.4 | |
ibm | maximo_asset_management | 6.2.5 | |
ibm | maximo_asset_management | 6.2.6 | |
ibm | maximo_asset_management | 6.2.6.1 | |
ibm | maximo_asset_management | 6.2.7 | |
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management | 7.1.1.9 | |
ibm | maximo_asset_management | 7.1.1.10 | |
ibm | maximo_asset_management | 7.1.1.11 | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true } 
], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 
7.5.0.3 allows remote authenticated users to bypass intended access restrictions via unspecified vectors." }, { "lang": "es", "value": "IBM Maximo Asset Management 6.2 hasta la versi\u00f3n 6.2.8, 7.1 hasta 7.1.1.12, y 7.5 anterior a la versi\u00f3n 7.5.0.3 permite a usuarios remotos autenticados evitar restricciones de acceso intencionadas a trav\u00e9s de vectores sin especificar." } ], "id": "CVE-2013-4020", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-10-01T11:14:43.967", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55068" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55070" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV42775" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85825" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV42775" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85825" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2012-3323)
Published
2013-10-01 11:14
Modified
2025-04-11 00:51
Severity
MEDIUM (CVSS v2.0 base score 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P)
Summary
IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.3 allows remote attackers to gain privileges via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | maximo_asset_management | 6.2 | |
ibm | maximo_asset_management | 6.2.1 | |
ibm | maximo_asset_management | 6.2.2 | |
ibm | maximo_asset_management | 6.2.3 | |
ibm | maximo_asset_management | 6.2.4 | |
ibm | maximo_asset_management | 6.2.5 | |
ibm | maximo_asset_management | 6.2.6 | |
ibm | maximo_asset_management | 6.2.6.1 | |
ibm | maximo_asset_management | 6.2.7 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_asset_management | 7.5.0.1 | |
ibm | maximo_asset_management | 7.5.0.2 | |
ibm | maximo_asset_management | 7.1 | |
ibm | maximo_asset_management | 7.1.1 | |
ibm | maximo_asset_management | 7.1.1.1 | |
ibm | maximo_asset_management | 7.1.1.2 | |
ibm | maximo_asset_management | 7.1.1.5 | |
ibm | maximo_asset_management | 7.1.1.6 | |
ibm | maximo_asset_management | 7.1.1.7 | |
ibm | maximo_asset_management | 7.1.1.8 | |
ibm | maximo_asset_management | 7.1.1.9 | |
ibm | maximo_asset_management | 7.1.1.10 | |
ibm | maximo_asset_management | 7.1.1.11 | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true } 
], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 
7.5.0.3 allows remote attackers to gain privileges via unspecified vectors." }, { "lang": "es", "value": "IBM Maximo Asset Management 6.2 anterior a la versi\u00f3n 6.2.8, 7.1 anterior a 7.1.1.12, y 7.5 anterior a la versi\u00f3n 7.5.0.3 permite a atacantes remotos obtener privilegios a trav\u00e9s de vectores sin especificar." } ], "id": "CVE-2012-3323", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-10-01T11:14:43.530", "references": [ { "source": "psirt@us.ibm.com", "url": "http://osvdb.org/97924" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55068" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/55070" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23506" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/97924" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg1IV23506" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2013-4016)
Published
2014-05-26 16:55
Modified
2025-04-12 10:46
Severity
MEDIUM (CVSS v2.0 base score 6.5, AV:N/AC:L/Au:S/C:P/I:P/A:P)
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "9C548662-04F7-49DD-B4B4-8C6DDA5DF7AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "2E15FC98-D8AB-4D9C-9842-85138A2FECF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "250FC595-3DB0-4860-9FF1-AC0215A9D3C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "805706EB-A82E-465D-BB3F-33AD6415FB89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "186498FC-A8BD-4EA3-96C7-1A21983BB2BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "396F80FF-BD2E-46A4-8A44-21CC35F42E12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "69534F90-265A-4313-951D-D0A52AEF9C1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "67A0292F-FDFE-42A6-92FC-F26596C4D23C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "E8D102E6-18FF-4BC7-83BC-77946101864C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": false }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287", "vulnerable": false }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1227364D-5BF3-4F7D-A4BA-22DE823A5C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "8506BB5F-F390-4981-A5D5-FAEF9F410172", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "63EA5235-E946-487D-A875-537B87B2638E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "0CC0184C-0593-4C37-AC63-5B09FD21B3B1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"7078628B-134D-48C6-A461-23CCC41A848E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text." 
}, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en IBM Maximo Asset Management 7.x anterior a 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 anterior a IFIX.20140323-0749, 7.1.1.12 anterior a IFIX.20140321-1336, 7.5.x anterior a 7.5.0.3 IFIX027, 7.5.0.4 anterior a IFIX011 y 7.5.0.5 anterior a IFIX006; SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 y Tivoli IT Asset Management For IT, Tivoli Service Request Manager, Maximo Service Desk y Change And Configuration Management Database (CCMDB) 7.x anterior a 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 anterior a IFIX.20140207-1801 y 7.1.1.12 anterior a IFIX.20140218-1510 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de un informe Birt con una cl\u00e1usula WHERE en texto plano." } ], "id": "CVE-2013-4016", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-05-26T16:55:02.737", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85793" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85793" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }