Search criteria
153 vulnerabilities found for maximo_asset_management_essentials by ibm
FKIE_CVE-2013-3323
Vulnerability from fkie_nvd - Published: 2020-02-18 17:15 - Updated: 2024-11-21 01:53
Severity ?
Summary
A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/62685 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240 | VDB Entry, Vendor Advisory | |
| cve@mitre.org | https://www.ibm.com/support/pages/node/235239 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/62685 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/235239 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "095A16F3-FA2C-4D0D-BA04-597FB2FF03FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "235F85B1-345A-4CE2-9DBE-A03D49D14583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "450D430F-6E81-4DD5-9D64-3676B2D3C16C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C3749FF3-86DE-40CA-8A04-0987C47EA1E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2EC5EC94-7A48-487E-BCCC-8B434E8735E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7E78E1CA-83D8-4497-AF4E-A017B778107A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2906AF03-C662-4EBF-A3A3-E79DE4831F08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3054179C-29D4-4098-816C-85A2CAE4103F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B97B731D-8002-43D8-BF43-B32B852D0BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5DC611AA-993B-4C91-9EF8-ACA3D3E11F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6476767B-52DD-4A29-A379-96BFE964CA4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDCDD396-CFB4-4AC9-A025-4E132FC333E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "01048E18-A71F-4AC7-971E-6CE772ACE81A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de escalada de privilegios en IBM Maximo Asset Management versiones 7.5, 7.1 y 6.2, cuando WebSeal con Autenticaci\u00f3n B\u00e1sica es usado, debido a un fallo al invalidar la sesi\u00f3n de autenticaci\u00f3n, lo que podr\u00eda permitir a un usuario malicioso obtener acceso no autorizado."
}
],
"id": "CVE-2013-3323",
"lastModified": "2024-11-21T01:53:23.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-18T17:15:12.597",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/62685"
},
{
"source": "cve@mitre.org",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/235239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/62685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/235239"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-5016
Vulnerability from fkie_nvd - Published: 2018-03-27 17:29 - Updated: 2024-11-21 02:32
Severity ?
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21971160 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/106460 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21971160 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/106460 | VDB Entry, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7759191C-5D16-4937-BC80-5A47FE4F9DD1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "33E903B1-43FE-4120-95E1-2108B630D49B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6282F8E2-9EFD-4CBE-8732-22659413B149",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management 7.1, 7.5 y 7.6; Maximo Asset Management Essentials 7.1 y 7.5; Control Desk 7.5 y 7.6; Tivoli Asset Management for IT 7.1 y 7.2; as\u00ed como otros productos de IBM permiten que usuarios autenticados remotos omitan las restricciones de acceso previstas y lean entradas del registro de tareas de tickets arbitrarias mediante vectores sin especificar. IBM X-Force ID: 106460."
}
],
"id": "CVE-2015-5016",
"lastModified": "2024-11-21T02:32:11.047",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-27T17:29:00.337",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-1414
Vulnerability from fkie_nvd - Published: 2018-02-22 19:29 - Updated: 2024-11-21 03:59
Severity ?
Summary
IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22013797 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/103154 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/138820 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22013797 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103154 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/138820 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | maximo_asset_management | 7.5.0.0 | |
| ibm | maximo_asset_management | 7.6.0.0 | |
| ibm | maximo_asset_management_essentials | 7.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management en sus versiones 7.5 y 7.6 es vulnerable a inyecci\u00f3n SQL. Un atacante remoto podr\u00eda enviar instrucciones SQL especialmente manipuladas que podr\u00edan permitir que el atacante viese, a\u00f1adiese, modificase o borrase informaci\u00f3n en la base de datos del backend. IBM X-Force ID: 138820."
}
],
"id": "CVE-2018-1414",
"lastModified": "2024-11-21T03:59:46.313",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-22T19:29:03.217",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013797"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103154"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138820"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138820"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1499
Vulnerability from fkie_nvd - Published: 2018-02-14 15:29 - Updated: 2024-11-21 03:21
Severity ?
Summary
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22012781 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/129106 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22012781 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/129106 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | maximo_asset_management | 7.5.0.0 | |
| ibm | maximo_asset_management | 7.6.0.0 | |
| ibm | maximo_asset_management_essentials | 7.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management versiones 7.5 y 7.6 podr\u00eda permitir que un atacante remoto incluya archivos arbitrarios y, como consecuencia, ejecute c\u00f3digo en el servidor Web vulnerable. IBM X-Force ID: 129106."
}
],
"id": "CVE-2017-1499",
"lastModified": "2024-11-21T03:21:58.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-14T15:29:00.207",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012781"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012781"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129106"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1558
Vulnerability from fkie_nvd - Published: 2017-12-13 18:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22010595 | Issue Tracking, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/102211 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/131548 | Issue Tracking, VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22010595 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102211 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/131548 | Issue Tracking, VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | maximo_asset_management | 7.5 | |
| ibm | maximo_asset_management | 7.6 | |
| ibm | maximo_asset_management_essentials | 7.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management en sus versiones 7.5 y 7.6 podr\u00eda permitir que un atacante remoto lleve a cabo ataques de phishing empleando un ataque de redirecci\u00f3n abierta. Al persuadir a una v\u00edctima para que visite un sitio web especialmente manipulado, un atacante remoto podr\u00eda explotar esta vulnerabilidad para suplantar la URL mostrada y redirigir al usuario a un sitio web malicioso que, a priori, parecer\u00eda de confianza. Esto podr\u00eda permitir que el atacante obtuviese informaci\u00f3n sumamente sensible o que llevase a cabo m\u00e1s ataques contra la v\u00edctima. IBM X-Force ID: 131548."
}
],
"id": "CVE-2017-1558",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-13T18:29:00.317",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010595"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102211"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Issue Tracking",
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131548"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010595"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131548"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1357
Vulnerability from fkie_nvd - Published: 2017-08-09 18:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22006647 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/100214 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/126684 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22006647 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100214 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/126684 | VDB Entry, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C47DB9B3-C8CD-45E9-9F53-617354F3A339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7038EBF6-E527-492B-A6A5-14F9A2F79BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "29858665-FA68-4EDE-A0E7-6C79E8786871",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E5B7CA3C-5F9B-45A3-80AC-F5A4E190CC37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7F5550B7-9133-4434-A01C-0A35E59ECDD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4B8FE2-799E-4D5F-B582-49E799A3ADDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7197C12C-5CD7-4F7D-8B38-F792FAABC1FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1EE096D4-40A8-4FD8-905C-3B13476BF748",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1E369397-1BC9-42E3-94AB-1CDB01D4838C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "56F90E1F-C0A0-4D6C-A497-9CC3AAF9ECB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EF80B092-7E42-4F78-A137-015E382271F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "228B8913-D50A-4645-9519-1633D0ACA44C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A38DFC7-0B96-43F8-88EE-7F8CD29CD41B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "00F10D4F-B0A5-4E40-B3AA-47838343D8C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EB194228-212C-499F-A3C6-147B5CD89581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B4D2023D-F6A3-4E44-B8C3-4B694A629B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "48467B08-08D3-4129-9687-A0EC01920694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A162A9A1-5FF5-47A3-BC80-9577FC8EE00A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6C7DA64E-DAC8-4DE5-8EB7-2FCAD88A8E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management 7.5 y 7.6 podr\u00eda permitir que un usuario autenticado manipulase \u00f3rdenes de trabajo para falsificar correos electr\u00f3nicos. Esto podr\u00eda emplearse para llevar a cabo ataques m\u00e1s avanzados. IBM X-Force ID: 126684."
}
],
"id": "CVE-2017-1357",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-09T18:29:01.497",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006647"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100214"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126684"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-9977
Vulnerability from fkie_nvd - Published: 2017-06-07 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 120253.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22003981 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/98786 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/120253 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22003981 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98786 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/120253 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | maximo_asset_management | 7.1 | |
| ibm | maximo_asset_management | 7.5 | |
| ibm | maximo_asset_management | 7.6 | |
| ibm | maximo_asset_management_essentials | 7.1 | |
| ibm | maximo_asset_management_essentials | 7.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user\u0027s session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user\u0027s session. IBM X-Force ID: 120253."
},
{
"lang": "es",
"value": "Maximo Asset Management versiones 7.1, 7.5 y 7.6 de IBM, podr\u00eda permitir a un atacante remoto secuestrar la sesi\u00f3n de usuario, causado por un fallo para invalidar un identificador de sesi\u00f3n existente. Un atacante podr\u00eda explotar esta vulnerabilidad para conseguir acceso a la sesi\u00f3n de otro usuario. ID de IBM X-Force: 120253."
}
],
"id": "CVE-2016-9977",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-07T17:29:00.677",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003981"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98786"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003981"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1291
Vulnerability from fkie_nvd - Published: 2017-05-26 16:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22003413 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/125152 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22003413 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/125152 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | maximo_asset_management | 7.5 | |
| ibm | maximo_asset_management | 7.6 | |
| ibm | maximo_asset_management_essentials | 7.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152."
},
{
"lang": "es",
"value": "Maximo Asset Management versiones 7.5 y 7.6 de IBM, es vulnerable a ataques de divisi\u00f3n de respuestas HTTP. Un atacante remoto podr\u00eda explotar esta vulnerabilidad usando una URL especialmente dise\u00f1ada para causar que el servidor devuelva una respuesta dividida, una vez que se haga clic en la URL. Esto permitir\u00eda al atacante realizar nuevos ataques, como envenenamiento de cach\u00e9 web, cross-Site scripting y, posiblemente, obtener informaci\u00f3n confidencial. ID de IBM X-Force: 125152."
}
],
"id": "CVE-2017-1291",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-26T16:29:00.163",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003413"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125152"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1292
Vulnerability from fkie_nvd - Published: 2017-05-26 16:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22003414 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/125153 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22003414 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/125153 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | maximo_asset_management | 7.5 | |
| ibm | maximo_asset_management | 7.6 | |
| ibm | maximo_asset_management_essentials | 7.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153."
},
{
"lang": "es",
"value": "Las versiones 7.5 y 7.6 de IBM Maximo Asset Management generan mensajes de error que podr\u00edan revelar informaci\u00f3n sensible para futuros ataques contra el sistema. IBM X-Force ID: 125153."
}
],
"id": "CVE-2017-1292",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-26T16:29:00.210",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003414"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125153"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-9976
Vulnerability from fkie_nvd - Published: 2017-05-03 17:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22002018 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/98305 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22002018 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98305 | Broken Link |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | maximo_asset_management | 7.1 | |
| ibm | maximo_asset_management | 7.5 | |
| ibm | maximo_asset_management | 7.6 | |
| ibm | maximo_asset_management_essentials | 7.1 | |
| ibm | maximo_asset_management_essentials | 7.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management 7.1, 7.5, y 7.6 podr\u00eda permitir a un atacante remoto incluir ficheros arbitrarios. Un atacante remoto podr\u00eda enviar peticiones URL especialmente dise\u00f1adas para ejecutar c\u00f3digo abritrario en el servidor afectado. IBM X-Force ID: 120252."
}
],
"id": "CVE-2016-9976",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-03T17:59:00.220",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22002018"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/98305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22002018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/98305"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2013-3323 (GCVE-0-2013-3323)
Vulnerability from cvelistv5 – Published: 2020-02-18 16:03 – Updated: 2024-08-06 16:07
VLAI?
Summary
A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:07:37.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/62685"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/235239"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-18T16:03:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/62685"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/235239"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/62685",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/62685"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
},
{
"name": "https://www.ibm.com/support/pages/node/235239",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/235239"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3323",
"datePublished": "2020-02-18T16:03:12",
"dateReserved": "2013-05-06T00:00:00",
"dateUpdated": "2024-08-06T16:07:37.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5016 (GCVE-0-2015-5016)
Vulnerability from cvelistv5 – Published: 2018-03-27 17:00 – Updated: 2024-08-06 06:32
VLAI?
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:31.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-maximo-cve20155016-info-disc(106460)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-27T16:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-maximo-cve20155016-info-disc(106460)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-5016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-maximo-cve20155016-info-disc(106460)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-5016",
"datePublished": "2018-03-27T17:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:31.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1414 (GCVE-0-2018-1414)
Vulnerability from cvelistv5 – Published: 2018-02-22 19:00 – Updated: 2024-09-17 03:59
VLAI?
Summary
IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820.
Severity ?
No CVSS data available.
CWE
- Data Manipulation
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.5
Affected: 7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.037Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103154",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103154"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138820"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013797"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2018-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Data Manipulation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-27T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "103154",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103154"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138820"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013797"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-02-20T00:00:00",
"ID": "CVE-2018-1414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103154"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138820",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138820"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22013797",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013797"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1414",
"datePublished": "2018-02-22T19:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T03:59:50.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1499 (GCVE-0-2017-1499)
Vulnerability from cvelistv5 – Published: 2018-02-14 15:00 – Updated: 2024-09-17 00:16
VLAI?
Summary
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.5
Affected: 7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129106"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012781"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2018-01-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-14T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129106"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012781"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-01-25T00:00:00",
"ID": "CVE-2017-1499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129106",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129106"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012781",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012781"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1499",
"datePublished": "2018-02-14T15:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T00:16:20.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1558 (GCVE-0-2017-1558)
Vulnerability from cvelistv5 – Published: 2017-12-13 18:00 – Updated: 2024-09-16 16:43
VLAI?
Summary
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.5
Affected: 7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:30.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102211",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102211"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010595"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131548"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2017-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-19T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "102211",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102211"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010595"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131548"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-12-11T00:00:00",
"ID": "CVE-2017-1558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102211",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102211"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010595",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010595"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131548",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131548"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1558",
"datePublished": "2017-12-13T18:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T16:43:14.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1357 (GCVE-0-2017-1357)
Vulnerability from cvelistv5 – Published: 2017-08-09 18:00 – Updated: 2024-09-16 23:00
VLAI?
Summary
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684.
Severity ?
No CVSS data available.
CWE
- File Manipulation
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.5
Affected: 7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.721Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100214",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100214"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126684"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006647"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2017-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "File Manipulation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-10T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "100214",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100214"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126684"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006647"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-08T00:00:00",
"ID": "CVE-2017-1357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100214",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100214"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126684",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126684"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006647",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006647"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1357",
"datePublished": "2017-08-09T18:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T23:00:52.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9977 (GCVE-0-2016-9977)
Vulnerability from cvelistv5 – Published: 2017-06-07 17:00 – Updated: 2024-08-06 03:07
VLAI?
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 120253.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.1
Affected: 7.5 Affected: 7.1.1 Affected: 7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253"
},
{
"name": "98786",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98786"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003981"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2017-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user\u0027s session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user\u0027s session. IBM X-Force ID: 120253."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-08T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253"
},
{
"name": "98786",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98786"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003981"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-9977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "7.5"
},
{
"version_value": "7.1.1"
},
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user\u0027s session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user\u0027s session. IBM X-Force ID: 120253."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253"
},
{
"name": "98786",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98786"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22003981",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003981"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-9977",
"datePublished": "2017-06-07T17:00:00",
"dateReserved": "2016-12-16T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1292 (GCVE-0-2017-1292)
Vulnerability from cvelistv5 – Published: 2017-05-26 16:00 – Updated: 2024-08-05 13:32
VLAI?
Summary
IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.5
Affected: 7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125153"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003414"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2017-05-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-26T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125153"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003414"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1292",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125153",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125153"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22003414",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003414"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1292",
"datePublished": "2017-05-26T16:00:00",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-08-05T13:32:29.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1291 (GCVE-0-2017-1291)
Vulnerability from cvelistv5 – Published: 2017-05-26 16:00 – Updated: 2024-08-05 13:32
VLAI?
Summary
IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.5
Affected: 7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:28.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003413"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125152"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2017-05-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-26T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003413"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125152"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1291",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22003413",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003413"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125152",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125152"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1291",
"datePublished": "2017-05-26T16:00:00",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-08-05T13:32:28.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9976 (GCVE-0-2016-9976)
Vulnerability from cvelistv5 – Published: 2017-05-03 17:00 – Updated: 2024-08-06 03:07
VLAI?
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Maximo Asset Management |
Affected:
7.1, 7.5, 7.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22002018"
},
{
"name": "98305",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98305"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "7.1, 7.5, 7.6"
}
]
}
],
"datePublic": "2017-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-05T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22002018"
},
{
"name": "98305",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98305"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-9976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.1, 7.5, 7.6"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22002018",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22002018"
},
{
"name": "98305",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98305"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-9976",
"datePublished": "2017-05-03T17:00:00",
"dateReserved": "2016-12-16T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3323 (GCVE-0-2013-3323)
Vulnerability from nvd – Published: 2020-02-18 16:03 – Updated: 2024-08-06 16:07
VLAI?
Summary
A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:07:37.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/62685"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/235239"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-18T16:03:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/62685"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/235239"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/62685",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/62685"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
},
{
"name": "https://www.ibm.com/support/pages/node/235239",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/235239"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3323",
"datePublished": "2020-02-18T16:03:12",
"dateReserved": "2013-05-06T00:00:00",
"dateUpdated": "2024-08-06T16:07:37.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5016 (GCVE-0-2015-5016)
Vulnerability from nvd – Published: 2018-03-27 17:00 – Updated: 2024-08-06 06:32
VLAI?
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:31.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-maximo-cve20155016-info-disc(106460)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-27T16:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-maximo-cve20155016-info-disc(106460)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-5016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-maximo-cve20155016-info-disc(106460)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-5016",
"datePublished": "2018-03-27T17:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:31.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1414 (GCVE-0-2018-1414)
Vulnerability from nvd – Published: 2018-02-22 19:00 – Updated: 2024-09-17 03:59
VLAI?
Summary
IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820.
Severity ?
No CVSS data available.
CWE
- Data Manipulation
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.5
Affected: 7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.037Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103154",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103154"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138820"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013797"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2018-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Data Manipulation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-27T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "103154",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103154"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138820"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013797"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-02-20T00:00:00",
"ID": "CVE-2018-1414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103154"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138820",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138820"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22013797",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013797"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1414",
"datePublished": "2018-02-22T19:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T03:59:50.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1499 (GCVE-0-2017-1499)
Vulnerability from nvd – Published: 2018-02-14 15:00 – Updated: 2024-09-17 00:16
VLAI?
Summary
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.5
Affected: 7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129106"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012781"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2018-01-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-14T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129106"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012781"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-01-25T00:00:00",
"ID": "CVE-2017-1499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129106",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129106"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012781",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012781"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1499",
"datePublished": "2018-02-14T15:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T00:16:20.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1558 (GCVE-0-2017-1558)
Vulnerability from nvd – Published: 2017-12-13 18:00 – Updated: 2024-09-16 16:43
VLAI?
Summary
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.5
Affected: 7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:30.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102211",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102211"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010595"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131548"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2017-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-19T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "102211",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102211"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010595"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131548"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-12-11T00:00:00",
"ID": "CVE-2017-1558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102211",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102211"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010595",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010595"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131548",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131548"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1558",
"datePublished": "2017-12-13T18:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T16:43:14.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1357 (GCVE-0-2017-1357)
Vulnerability from nvd – Published: 2017-08-09 18:00 – Updated: 2024-09-16 23:00
VLAI?
Summary
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684.
Severity ?
No CVSS data available.
CWE
- File Manipulation
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.5
Affected: 7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.721Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100214",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100214"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126684"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006647"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2017-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "File Manipulation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-10T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "100214",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100214"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126684"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006647"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-08T00:00:00",
"ID": "CVE-2017-1357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100214",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100214"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126684",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126684"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006647",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006647"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1357",
"datePublished": "2017-08-09T18:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T23:00:52.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9977 (GCVE-0-2016-9977)
Vulnerability from nvd – Published: 2017-06-07 17:00 – Updated: 2024-08-06 03:07
VLAI?
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 120253.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.1
Affected: 7.5 Affected: 7.1.1 Affected: 7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253"
},
{
"name": "98786",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98786"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003981"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2017-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user\u0027s session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user\u0027s session. IBM X-Force ID: 120253."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-08T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253"
},
{
"name": "98786",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98786"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003981"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-9977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "7.5"
},
{
"version_value": "7.1.1"
},
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user\u0027s session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user\u0027s session. IBM X-Force ID: 120253."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253"
},
{
"name": "98786",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98786"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22003981",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003981"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-9977",
"datePublished": "2017-06-07T17:00:00",
"dateReserved": "2016-12-16T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1292 (GCVE-0-2017-1292)
Vulnerability from nvd – Published: 2017-05-26 16:00 – Updated: 2024-08-05 13:32
VLAI?
Summary
IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.5
Affected: 7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125153"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003414"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2017-05-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-26T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125153"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003414"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1292",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125153",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125153"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22003414",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003414"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1292",
"datePublished": "2017-05-26T16:00:00",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-08-05T13:32:29.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1291 (GCVE-0-2017-1291)
Vulnerability from nvd – Published: 2017-05-26 16:00 – Updated: 2024-08-05 13:32
VLAI?
Summary
IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.5
Affected: 7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:28.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003413"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125152"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2017-05-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-26T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003413"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125152"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1291",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.5"
},
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22003413",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003413"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125152",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125152"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1291",
"datePublished": "2017-05-26T16:00:00",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-08-05T13:32:28.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9976 (GCVE-0-2016-9976)
Vulnerability from nvd – Published: 2017-05-03 17:00 – Updated: 2024-08-06 03:07
VLAI?
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Maximo Asset Management |
Affected:
7.1, 7.5, 7.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22002018"
},
{
"name": "98305",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98305"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "7.1, 7.5, 7.6"
}
]
}
],
"datePublic": "2017-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-05T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22002018"
},
{
"name": "98305",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98305"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-9976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.1, 7.5, 7.6"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22002018",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22002018"
},
{
"name": "98305",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98305"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-9976",
"datePublished": "2017-05-03T17:00:00",
"dateReserved": "2016-12-16T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}