Smartcloud Control Desk

smartcloud_control_desk

Vendor: Ibm • 65 CVEs

CVEs (65)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-4429 1Ibm 10Control Desk Maximo AnywhereMaximo For Aviation+7 more Nov 21, 2024 Feb 19, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea...Show more IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886.Show less
CVE-2013-3323 1Ibm 13Change And Configuration Management Database Maximo Asset ManagementMaximo Asset Management Essentials+10 more Nov 21, 2024 Feb 18, 2020 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a m...Show more A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.Show less
CVE-2019-4486 1Ibm 9Maximo Asset Management Maximo For AviationMaximo For Life Sciences+6 more Nov 21, 2024 Oct 24, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cred...Show more IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070.Show less
CVE-2019-4512 1Ibm 10Control Desk Maximo Asset ManagementMaximo For Aviation+7 more Nov 21, 2024 Oct 9, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554.
CVE-2019-4364 1Ibm 10Control Desk Maximo Asset ManagementMaximo For Aviation+7 more Nov 21, 2024 Jun 19, 2019 N/A· v4 8.0 HIGH· v3 8.5 HIGH· v2 IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680.
CVE-2019-4303 1Ibm 10Control Desk Maximo Asset ManagementMaximo For Aviation+7 more Nov 21, 2024 Jun 19, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cred...Show more IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949.Show less
CVE-2019-4056 1Ibm 10Control Desk Maximo Asset ManagementMaximo For Aviation+7 more Nov 21, 2024 Jun 6, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565.
CVE-2019-4048 1Ibm 10Control Desk Maximo Asset ManagementMaximo For Aviation+7 more Nov 21, 2024 Jun 6, 2019 N/A· v4 2.1 LOW· v3 2.1 LOW· v2 IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311.
CVE-2018-2028 1Ibm 10Control Desk Maximo Asset ManagementMaximo For Aviation+7 more Nov 21, 2024 Jun 6, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554.
CVE-2018-1528 1Ibm 8Maximo Asset Management Maximo For AviationMaximo For Life Sciences+5 more Nov 21, 2024 Aug 6, 2018 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290.
CVE-2018-1524 1Ibm 8Maximo Asset Management Maximo For AviationMaximo For Life Sciences+5 more Nov 21, 2024 Aug 3, 2018 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for...Show more IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116.Show less
CVE-2016-6072 1Ibm 12Maximo Asset Management Maximo For AviationMaximo For Life Sciences+9 more May 13, 2026 Feb 1, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credenti...Show more IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.Show less
CVE-2016-0222 1Ibm 8Maximo Asset Management Maximo For GovernmentMaximo For Life Sciences+5 more May 6, 2026 Mar 14, 2016 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors.
CVE-2015-7448 1Ibm 13Change And Configuration Management Database Maximo Asset ManagementMaximo Asset Management Essentials+10 more May 6, 2026 Mar 12, 2016 N/A· v4 5.4 MEDIUM· v3 6.5 MEDIUM· v2 SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 befo...Show more SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.Show less
CVE-2015-7487 1Ibm 13Change And Configuration Management Database Maximo Asset ManagementMaximo Asset Management Essentials+10 more May 6, 2026 Jan 27, 2016 N/A· v4 4.1 MEDIUM· v3 4.9 MEDIUM· v2 IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartClo...Show more IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files.Show less
CVE-2015-5051 1Ibm 9Maximo Asset Management Maximo Asset Management EssentialsMaximo For Government+6 more May 6, 2026 Jan 3, 2016 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated u...Show more IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors.Show less
CVE-2015-5017 1Ibm 13Change And Configuration Management Database Maximo Asset ManagementMaximo Asset Management Essentials+10 more May 6, 2026 Jan 3, 2016 N/A· v4 5.4 MEDIUM· v3 5.5 MEDIUM· v2 IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartClo...Show more IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password.Show less
CVE-2015-7452 1Ibm 9Maximo Asset Management Maximo Asset Management EssentialsMaximo For Government+6 more May 6, 2026 Jan 2, 2016 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated u...Show more IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API.Show less
CVE-2015-7396 1Ibm 9Maximo Asset Management Maximo Asset Management EssentialsMaximo For Government+6 more May 6, 2026 Jan 2, 2016 N/A· v4 5.4 MEDIUM· v3 5.5 MEDIUM· v2 The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remo...Show more The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors.Show less
CVE-2015-7451 1Ibm 9Maximo Asset Management Maximo Asset Management EssentialsMaximo For Government+6 more May 6, 2026 Jan 2, 2016 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartClo...Show more Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.Show less

12 3 4 Next