Maximo For Life Sciences

maximo_for_life_sciences

Vendor: Ibm • 46 CVEs

CVEs (46)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-4409 1Ibm 20Control Desk Maximo Asset Configuration ManagerMaximo Asset Health Insights+17 more Nov 21, 2024 Sep 16, 2020 N/A· v4 8.2 HIGH· v3 5.8 MEDIUM· v2 IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could expl...Show more IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537.Show less
CVE-2019-4749 1Ibm 20Control Desk Maximo Asset Configuration ManagerMaximo Asset Health Insights+17 more Nov 21, 2024 Apr 17, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cred...Show more IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308.Show less
CVE-2019-4644 1Ibm 20Control Desk Maximo Asset Configuration ManagerMaximo Asset Health Insights+17 more Nov 21, 2024 Apr 17, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cred...Show more IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880.Show less
CVE-2019-4446 1Ibm 19Control Desk Maximo Asset Configuration ManagerMaximo Asset Health Insights+16 more Nov 21, 2024 Apr 17, 2020 N/A· v4 5.4 MEDIUM· v3 5.5 MEDIUM· v2 IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490.
CVE-2019-4745 1Ibm 7Maximo Asset Management Maximo For AviationMaximo For Life Sciences+4 more Nov 21, 2024 Feb 24, 2020 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. IBM X-Force ID: 172883.
CVE-2019-4429 1Ibm 10Control Desk Maximo AnywhereMaximo For Aviation+7 more Nov 21, 2024 Feb 19, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea...Show more IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886.Show less
CVE-2013-3323 1Ibm 13Change And Configuration Management Database Maximo Asset ManagementMaximo Asset Management Essentials+10 more Nov 21, 2024 Feb 18, 2020 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a m...Show more A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.Show less
CVE-2019-4486 1Ibm 9Maximo Asset Management Maximo For AviationMaximo For Life Sciences+6 more Nov 21, 2024 Oct 24, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cred...Show more IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070.Show less
CVE-2019-4512 1Ibm 10Control Desk Maximo Asset ManagementMaximo For Aviation+7 more Nov 21, 2024 Oct 9, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554.
CVE-2019-4364 1Ibm 10Control Desk Maximo Asset ManagementMaximo For Aviation+7 more Nov 21, 2024 Jun 19, 2019 N/A· v4 8.0 HIGH· v3 8.5 HIGH· v2 IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680.
CVE-2019-4303 1Ibm 10Control Desk Maximo Asset ManagementMaximo For Aviation+7 more Nov 21, 2024 Jun 19, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cred...Show more IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949.Show less
CVE-2019-4056 1Ibm 10Control Desk Maximo Asset ManagementMaximo For Aviation+7 more Nov 21, 2024 Jun 6, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565.
CVE-2019-4048 1Ibm 10Control Desk Maximo Asset ManagementMaximo For Aviation+7 more Nov 21, 2024 Jun 6, 2019 N/A· v4 2.1 LOW· v3 2.1 LOW· v2 IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311.
CVE-2018-2028 1Ibm 10Control Desk Maximo Asset ManagementMaximo For Aviation+7 more Nov 21, 2024 Jun 6, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554.
CVE-2018-1528 1Ibm 8Maximo Asset Management Maximo For AviationMaximo For Life Sciences+5 more Nov 21, 2024 Aug 6, 2018 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290.
CVE-2018-1524 1Ibm 8Maximo Asset Management Maximo For AviationMaximo For Life Sciences+5 more Nov 21, 2024 Aug 3, 2018 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for...Show more IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116.Show less
CVE-2015-5016 1Ibm 14Change And Configuration Management Database Control DeskMaximo Asset Management+11 more Nov 21, 2024 Mar 27, 2018 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticat...Show more IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460.Show less
CVE-2015-0107 1Ibm 11Change And Configuration Management Database Maximo Asset ManagementMaximo Asset Management Essentials+8 more May 13, 2026 Apr 24, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7....Show more IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors.Show less
CVE-2015-0104 1Ibm 11Change And Configuration Management Database Maximo Asset ManagementMaximo Asset Management Essentials+8 more May 13, 2026 Apr 24, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7....Show more IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors.Show less
CVE-2016-5902 1Ibm 9Maximo Asset Management Maximo For AviationMaximo For Energy Optimization+6 more May 13, 2026 Feb 8, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credenti...Show more IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.Show less

12 3 Next