Vulnerability-Lookup - Search a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

FKIE_CVE-2019-4429

Vulnerability from fkie_nvd - Published: 2020-02-19 16:15 - Updated: 2024-11-21 04:43

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886.

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/162886	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www.ibm.com/support/pages/node/1489053	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/162886	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/1489053	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	control_desk	7.6.1
ibm	control_desk	7.6.1.1
ibm	maximo_anywhere	7.6.0.0
ibm	maximo_anywhere	7.6.1.0
ibm	maximo_for_aviation	7.6.6
ibm	maximo_for_aviation	7.6.7
ibm	maximo_for_aviation	7.6.8
ibm	maximo_for_life_sciences	7.6
ibm	maximo_for_nuclear_power	7.6.1
ibm	maximo_for_oil_and_gas	7.6.1
ibm	maximo_for_transportation	7.6.2.3
ibm	maximo_for_transportation	7.6.2.4
ibm	maximo_for_transportation	7.6.2.5
ibm	maximo_for_utilities	7.6.0.1
ibm	maximo_for_utilities	7.6.0.2
ibm	smartcloud_control_desk	-
ibm	tivoli_integration_composer	7.6.0.1
ibm	tivoli_integration_composer	7.6.0.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA7D6830-74DA-4524-8177-54CB2667A54E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE7C8399-A024-45CE-A2CD-658A2D99ABDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_anywhere:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "67CD3018-546A-4CFF-B28B-A7DF2EE71634",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_anywhere:7.6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E203B3E-6A26-40BD-8F72-B738D4BF6EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4317DA0E-678D-468F-8BE4-8BA20C01C588",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DB202BE-FF6E-49AC-84FF-F454361E5D4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C05DA047-26F7-413E-8259-5F88C08AE2B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "532219AE-9F4D-49B0-A625-A690C9E8A7DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "160EE7B0-4F54-41F7-9266-C22776783BA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BDF6664-537E-4CF8-9CCA-7C4746DE9B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F416A57-7B00-411D-B2D5-5BCB434568DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "73EEADC8-01D0-4D80-83E4-1643603485CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "797807D9-2137-414A-BB28-46DBC0288161",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:7.6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8708C64F-7940-46E7-94FB-1D1CF3B864B1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a un usuario insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 162886."
    }
  ],
  "id": "CVE-2019-4429",
  "lastModified": "2024-11-21T04:43:35.947",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-19T16:15:11.187",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162886"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/1489053"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162886"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/1489053"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2013-3323

Vulnerability from fkie_nvd - Published: 2020-02-18 17:15 - Updated: 2024-11-21 01:53

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/62685	Third Party Advisory, VDB Entry
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240	VDB Entry, Vendor Advisory
cve@mitre.org	https://www.ibm.com/support/pages/node/235239	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/62685	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/235239	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	change_and_configuration_management_database	7.1
ibm	change_and_configuration_management_database	7.2
ibm	maximo_asset_management	6.2
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.5
ibm	maximo_asset_management_essentials	6.2
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_asset_management_essentials	7.5
ibm	maximo_for_government	6.2
ibm	maximo_for_government	7.1
ibm	maximo_for_government	7.5
ibm	maximo_for_life_sciences	6.2
ibm	maximo_for_life_sciences	6.4
ibm	maximo_for_life_sciences	6.5
ibm	maximo_for_life_sciences	7.1
ibm	maximo_for_life_sciences	7.5
ibm	maximo_for_nuclear_power	6.2
ibm	maximo_for_nuclear_power	6.3
ibm	maximo_for_nuclear_power	7.1
ibm	maximo_for_nuclear_power	7.5
ibm	maximo_for_oil_and_gas	6.2
ibm	maximo_for_oil_and_gas	6.3
ibm	maximo_for_oil_and_gas	6.4
ibm	maximo_for_oil_and_gas	7.1
ibm	maximo_for_oil_and_gas	7.5
ibm	maximo_for_transportation	6.2
ibm	maximo_for_transportation	6.3
ibm	maximo_for_transportation	7.1
ibm	maximo_for_transportation	7.5
ibm	maximo_for_utilities	6.2
ibm	maximo_for_utilities	6.3
ibm	maximo_for_utilities	7.1
ibm	maximo_for_utilities	7.5
ibm	maximo_service_desk	6.2
ibm	smartcloud_control_desk	7.5
ibm	tivoli_asset_management_for_it	6.2
ibm	tivoli_asset_management_for_it	7.1
ibm	tivoli_asset_management_for_it	7.2
ibm	tivoli_service_request_manager	7.1
ibm	tivoli_service_request_manager	7.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "095A16F3-FA2C-4D0D-BA04-597FB2FF03FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "235F85B1-345A-4CE2-9DBE-A03D49D14583",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "450D430F-6E81-4DD5-9D64-3676B2D3C16C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3749FF3-86DE-40CA-8A04-0987C47EA1E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EC5EC94-7A48-487E-BCCC-8B434E8735E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E78E1CA-83D8-4497-AF4E-A017B778107A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2906AF03-C662-4EBF-A3A3-E79DE4831F08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3054179C-29D4-4098-816C-85A2CAE4103F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B97B731D-8002-43D8-BF43-B32B852D0BEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DC611AA-993B-4C91-9EF8-ACA3D3E11F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6476767B-52DD-4A29-A379-96BFE964CA4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDCDD396-CFB4-4AC9-A025-4E132FC333E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01048E18-A71F-4AC7-971E-6CE772ACE81A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de escalada de privilegios en IBM Maximo Asset Management versiones 7.5, 7.1 y 6.2, cuando WebSeal con Autenticaci\u00f3n B\u00e1sica es usado, debido a un fallo al invalidar la sesi\u00f3n de autenticaci\u00f3n, lo que podr\u00eda permitir a un usuario malicioso obtener acceso no autorizado."
    }
  ],
  "id": "CVE-2013-3323",
  "lastModified": "2024-11-21T01:53:23.740",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-18T17:15:12.597",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/62685"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/235239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/62685"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/235239"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-4486

Vulnerability from fkie_nvd - Published: 2019-10-24 12:15 - Updated: 2024-11-21 04:43

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070.

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/164070	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www.ibm.com/support/pages/node/1075023	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/164070	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/1075023	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	*
ibm	maximo_asset_management	*
ibm	maximo_for_aviation	7.6
ibm	maximo_for_aviation	7.6.1
ibm	maximo_for_aviation	7.6.2
ibm	maximo_for_aviation	7.6.2.1
ibm	maximo_for_aviation	7.6.3
ibm	maximo_for_life_sciences	7.6
ibm	maximo_for_nuclear_power	7.6.0
ibm	maximo_for_oil_and_gas	7.6.0
ibm	maximo_for_transportation	7.6.1
ibm	maximo_for_transportation	7.6.2
ibm	maximo_for_transportation	7.6.2.1
ibm	maximo_for_transportation	7.6.2.2
ibm	maximo_for_transportation	7.6.2.3
ibm	maximo_for_transportation	7.6.2.4
ibm	maximo_for_utilities	7.6
ibm	smartcloud_control_desk	7.6.0
ibm	smartcloud_control_desk	7.6.0.1
ibm	tivoli_integration_composer	7.2.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "09D8BBE4-26EC-4488-95B7-32B46C574CA9",
              "versionEndExcluding": "7.6.0.10",
              "versionStartIncluding": "7.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C55730A-B02C-4EBF-BBB1-0BEB566D8817",
              "versionEndExcluding": "7.6.1.1",
              "versionStartIncluding": "7.6.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4ED8884A-10E2-41F8-B057-126F5503D5F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "54B1037D-F4D1-4CD6-BBD7-6E72EB4A1620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:7.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "05AF2B2A-A380-45BA-867F-11F0FD159590",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management versi\u00f3n 7.6, es vulnerable a un problema de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 164070."
    }
  ],
  "id": "CVE-2019-4486",
  "lastModified": "2024-11-21T04:43:39.853",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-24T12:15:12.070",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/1075023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/1075023"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-4512

Vulnerability from fkie_nvd - Published: 2019-10-09 16:15 - Updated: 2024-11-21 04:43

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554.

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/164554	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www.ibm.com/support/pages/node/1075413	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/164554	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/1075413	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	7.6.1.1
ibm	control_desk	7.6.0
ibm	control_desk	7.6.0.1
ibm	maximo_for_aviation	7.6
ibm	maximo_for_aviation	7.6.1
ibm	maximo_for_aviation	7.6.2
ibm	maximo_for_aviation	7.6.2.1
ibm	maximo_for_aviation	7.6.3
ibm	maximo_for_life_sciences	7.6
ibm	maximo_for_nuclear_power	7.6.0
ibm	maximo_for_oil_and_gas	7.6.0
ibm	maximo_for_transportation	7.6.1
ibm	maximo_for_transportation	7.6.2
ibm	maximo_for_transportation	7.6.2.1
ibm	maximo_for_transportation	7.6.2.2
ibm	maximo_for_transportation	7.6.2.3
ibm	maximo_for_transportation	7.6.2.4
ibm	maximo_for_utilities	7.6
ibm	smartcloud_control_desk	-
ibm	tivoli_integration_composer	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C5CE3F4-8ABE-4245-BD9E-8697B3E0171C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management versi\u00f3n 7.6.1.1, genera un mensaje de error que incluye informaci\u00f3n confidencial que podr\u00eda ser usada en futuros ataques contra el sistema. ID de IBM X-Force: 164554."
    }
  ],
  "id": "CVE-2019-4512",
  "lastModified": "2024-11-21T04:43:40.713",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-09T16:15:16.267",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/1075413"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/1075413"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-209"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-4364

Vulnerability from fkie_nvd - Published: 2019-06-19 14:15 - Updated: 2024-11-21 04:43

Severity ?

8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Summary

IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680.

References

URL	Tags
psirt@us.ibm.com	http://www.securityfocus.com/bid/108910	Broken Link, Third Party Advisory, VDB Entry
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/161680	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www.ibm.com/support/docview.wss?uid=ibm10887557	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/108910	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/161680	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/docview.wss?uid=ibm10887557	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	7.6
ibm	control_desk	7.6.0
ibm	control_desk	7.6.0.1
ibm	maximo_for_aviation	7.6
ibm	maximo_for_aviation	7.6.1
ibm	maximo_for_aviation	7.6.2
ibm	maximo_for_aviation	7.6.2.1
ibm	maximo_for_aviation	7.6.3
ibm	maximo_for_life_sciences	7.6
ibm	maximo_for_nuclear_power	7.6.0
ibm	maximo_for_oil_and_gas	7.6.0
ibm	maximo_for_transportation	7.6.1
ibm	maximo_for_transportation	7.6.2
ibm	maximo_for_transportation	7.6.2.1
ibm	maximo_for_transportation	7.6.2.2
ibm	maximo_for_transportation	7.6.2.3
ibm	maximo_for_transportation	7.6.2.4
ibm	maximo_for_utilities	7.6
ibm	smartcloud_control_desk	-
ibm	tivoli_integration_composer	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management versi\u00f3n 7.6 es vulnerable a la inyecci\u00f3n de CSV, lo que podr\u00eda permitir que un atacante remoto autenticado ejecute comandos arbitrarios en el sistema. ID de IBM X-Force: 161680."
    }
  ],
  "id": "CVE-2019-4364",
  "lastModified": "2024-11-21T04:43:30.613",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.5,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 3.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-19T14:15:11.020",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108910"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108910"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1236"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-4303

Vulnerability from fkie_nvd - Published: 2019-06-19 14:15 - Updated: 2024-11-21 04:43

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949.

References

URL	Tags
psirt@us.ibm.com	http://www.securityfocus.com/bid/108912	Third Party Advisory, VDB Entry
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/160949	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www.ibm.com/support/docview.wss?uid=ibm10887563	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/108912	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/160949	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/docview.wss?uid=ibm10887563	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	7.6
ibm	control_desk	7.6.0
ibm	control_desk	7.6.0.1
ibm	maximo_for_aviation	7.6
ibm	maximo_for_aviation	7.6.1
ibm	maximo_for_aviation	7.6.2
ibm	maximo_for_aviation	7.6.2.1
ibm	maximo_for_aviation	7.6.3
ibm	maximo_for_life_sciences	7.6
ibm	maximo_for_nuclear_power	7.6.0
ibm	maximo_for_oil_and_gas	7.6.0
ibm	maximo_for_transportation	7.6.1
ibm	maximo_for_transportation	7.6.2
ibm	maximo_for_transportation	7.6.2.1
ibm	maximo_for_transportation	7.6.2.2
ibm	maximo_for_transportation	7.6.2.3
ibm	maximo_for_transportation	7.6.2.4
ibm	maximo_for_utilities	7.6
ibm	smartcloud_control_desk	-
ibm	tivoli_integration_composer	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management versi\u00f3n 7.6 es vulnerable a cross-site-scripting (XSS). Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera la funcionalidad prevista que puede conllevar a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza. ID de IBM X-Force: 160949."
    }
  ],
  "id": "CVE-2019-4303",
  "lastModified": "2024-11-21T04:43:26.970",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-19T14:15:10.973",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108912"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108912"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-4048

Vulnerability from fkie_nvd - Published: 2019-06-06 01:29 - Updated: 2024-11-21 04:43

Severity ?

2.1 (Low) - CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311.

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/156311	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www.ibm.com/support/docview.wss?uid=ibm10880147	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/156311	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/docview.wss?uid=ibm10880147	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	control_desk	7.6.0
ibm	control_desk	7.6.0.1
ibm	control_desk	7.6.1
ibm	maximo_asset_management	7.6
ibm	maximo_for_aviation	7.6
ibm	maximo_for_aviation	7.6.1
ibm	maximo_for_aviation	7.6.2
ibm	maximo_for_aviation	7.6.2.1
ibm	maximo_for_aviation	7.6.3
ibm	maximo_for_life_sciences	7.6
ibm	maximo_for_nuclear_power	7.6.0
ibm	maximo_for_oil_and_gas	7.6.0
ibm	maximo_for_transportation	7.6.1
ibm	maximo_for_transportation	7.6.2
ibm	maximo_for_transportation	7.6.2.1
ibm	maximo_for_transportation	7.6.2.2
ibm	maximo_for_transportation	7.6.2.3
ibm	maximo_for_transportation	7.6.2.4
ibm	maximo_for_utilities	7.6
ibm	smartcloud_control_desk	-
ibm	tivoli_integration_composer	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA7D6830-74DA-4524-8177-54CB2667A54E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management versi\u00f3n 7.6 podr\u00eda permitir a un usuario f\u00edsico del sistema obtener informaci\u00f3n confidencial de un usuario anterior de la misma m\u00e1quina. ID de IBM X-Force: 156311."
    }
  ],
  "id": "CVE-2019-4048",
  "lastModified": "2024-11-21T04:43:05.247",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-06T01:29:00.290",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156311"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880147"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156311"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880147"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-4056

Vulnerability from fkie_nvd - Published: 2019-06-06 01:29 - Updated: 2024-11-21 04:43

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565.

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/156565	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www.ibm.com/support/docview.wss?uid=ibm10880149	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/156565	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/docview.wss?uid=ibm10880149	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	control_desk	7.6.0
ibm	control_desk	7.6.0.1
ibm	maximo_asset_management	7.6
ibm	maximo_for_aviation	7.6
ibm	maximo_for_aviation	7.6.1
ibm	maximo_for_aviation	7.6.2
ibm	maximo_for_aviation	7.6.2.1
ibm	maximo_for_aviation	7.6.3
ibm	maximo_for_life_sciences	7.6
ibm	maximo_for_nuclear_power	7.6.0
ibm	maximo_for_oil_and_gas	7.6.0
ibm	maximo_for_transportation	7.6.1
ibm	maximo_for_transportation	7.6.2
ibm	maximo_for_transportation	7.6.2.1
ibm	maximo_for_transportation	7.6.2.2
ibm	maximo_for_transportation	7.6.2.3
ibm	maximo_for_transportation	7.6.2.4
ibm	maximo_for_utilities	7.6
ibm	smartcloud_control_desk	-
ibm	tivoli_integration_composer	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.6 Work Centers\u0027 application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565."
    },
    {
      "lang": "es",
      "value": "La aplicaci\u00f3n  Work Center de IBM Maximo Asset Management versi\u00f3n 7.6 no comprueba el tipo de archivo en la carga, lo que permite a los atacantes cargar archivos maliciosos. ID de IBM X-Force: 156565."
    }
  ],
  "id": "CVE-2019-4056",
  "lastModified": "2024-11-21T04:43:05.943",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-06T01:29:00.337",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156565"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880149"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156565"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880149"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2018-2028

Vulnerability from fkie_nvd - Published: 2019-06-06 01:29 - Updated: 2024-11-21 04:03

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554.

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/155554	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www.ibm.com/support/docview.wss?uid=ibm10880145	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/155554	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/docview.wss?uid=ibm10880145	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	control_desk	7.6.0
ibm	control_desk	7.6.0.1
ibm	maximo_asset_management	7.6
ibm	maximo_for_aviation	7.6
ibm	maximo_for_aviation	7.6.1
ibm	maximo_for_aviation	7.6.2
ibm	maximo_for_aviation	7.6.2.1
ibm	maximo_for_aviation	7.6.3
ibm	maximo_for_life_sciences	7.6
ibm	maximo_for_nuclear_power	7.6.0
ibm	maximo_for_oil_and_gas	7.6.0
ibm	maximo_for_transportation	7.6.1
ibm	maximo_for_transportation	7.6.2
ibm	maximo_for_transportation	7.6.2.1
ibm	maximo_for_transportation	7.6.2.2
ibm	maximo_for_transportation	7.6.2.3
ibm	maximo_for_transportation	7.6.2.4
ibm	maximo_for_utilities	7.6
ibm	smartcloud_control_desk	-
ibm	tivoli_integration_composer	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management versi\u00f3n 7.6 podr\u00eda permitir que un usuario autenticado sustituya una p\u00e1gina de destino por un sitio de phishing, lo que permitir\u00eda al atacante obtener informaci\u00f3n muy confidencial. ID de IBM X-Force: 155554."
    }
  ],
  "id": "CVE-2018-2028",
  "lastModified": "2024-11-21T04:03:36.460",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-06T01:29:00.227",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155554"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155554"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880145"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-312"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2018-1528

Vulnerability from fkie_nvd - Published: 2018-08-06 14:29 - Updated: 2024-11-21 03:59

Severity ?

4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290.

References

URL	Tags
psirt@us.ibm.com	http://www.securityfocus.com/bid/105023	Third Party Advisory, VDB Entry
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/142290	VDB Entry
psirt@us.ibm.com	https://www.ibm.com/support/docview.wss?uid=swg22017450	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105023	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/142290	VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/docview.wss?uid=swg22017450	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	*
ibm	maximo_for_aviation	7.6.0.0
ibm	maximo_for_aviation	7.6.1.0
ibm	maximo_for_aviation	7.6.2.0
ibm	maximo_for_aviation	7.6.2.1
ibm	maximo_for_aviation	7.6.3.0
ibm	maximo_for_life_sciences	7.6.0.0
ibm	maximo_for_nuclear_power	7.6.0.0
ibm	maximo_for_oil_and_gas	7.6.0.0
ibm	maximo_for_transportation	7.6.1.0
ibm	maximo_for_transportation	7.6.2.0
ibm	maximo_for_transportation	7.6.2.1
ibm	maximo_for_transportation	7.6.2.2
ibm	maximo_for_transportation	7.6.2.3
ibm	maximo_for_transportation	7.6.2.4
ibm	maximo_for_utilities	7.6.0.0
ibm	smartcloud_control_desk	7.6.0.0
ibm	smartcloud_control_desk	7.6.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DCFD28A-B0AD-4FA5-9774-A92220F29970",
              "versionEndIncluding": "7.6.3.0",
              "versionStartIncluding": "7.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "60F3899C-18C5-4A64-92EC-83C73EBEE057",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "95583119-EC0D-4C54-BDA3-8E02A2466870",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "305E7DA7-1E2E-407A-9362-CF57C0D4AD6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B780FAB9-B58D-4622-B2B4-97662B9421CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBA93D8B-45B2-445C-85CB-FB594D1746F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F39E45D-3415-45E2-9852-46C0AA109B72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A651E3E5-5A2C-468E-B686-662DDC162644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B428BE8-BDFF-488A-91E8-E70613589640",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FCC6013-BE3C-4C7D-BA7A-49529F0697C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB777BBB-7969-4D0D-89A6-C0E2FC9B2569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "800B9C4C-70D7-4E3D-86BD-1855B14910F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "54B1037D-F4D1-4CD6-BBD7-6E72EB4A1620",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management, desde la versi\u00f3n 7.6 hasta la 7.6.3, podr\u00eda permitir que un usuario autenticado obtenga informaci\u00f3n sensible desde la API WhoAmI. IBM X-Force ID: 142290."
    }
  ],
  "id": "CVE-2018-1528",
  "lastModified": "2024-11-21T03:59:57.927",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-08-06T14:29:00.653",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105023"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142290"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=swg22017450"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142290"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=swg22017450"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2019-4429 (GCVE-0-2019-4429)

Vulnerability from cvelistv5 – Published: 2020-02-19 15:15 – Updated: 2024-09-17 02:36

Summary

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886.

Severity ?

5.4 (Medium)


                        
                          CVSS:3.0/A:N/PR:L/AC:L/C:L/S:C/UI:R/AV:N/I:L/RC:C/RL:O/E:H

CWE

Cross-Site Scripting

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/pages/node/1489053	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Impacted products

	Vendor	Product	Version
	IBM	Maximo Asset Management	Affected: 7.6.0 Affected: 7.6.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:38.284Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/1489053"
          },
          {
            "name": "ibm-maximo-cve20194429-xss (162886)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162886"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            }
          ]
        }
      ],
      "datePublic": "2020-02-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/PR:L/AC:L/C:L/S:C/UI:R/AV:N/I:L/RC:C/RL:O/E:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-19T15:15:44",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/1489053"
        },
        {
          "name": "ibm-maximo-cve20194429-xss (162886)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162886"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-02-18T00:00:00",
          "ID": "CVE-2019-4429",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6.0"
                          },
                          {
                            "version_value": "7.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/1489053",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 1489053 (Maximo Asset Management)",
              "url": "https://www.ibm.com/support/pages/node/1489053"
            },
            {
              "name": "ibm-maximo-cve20194429-xss (162886)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162886"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4429",
    "datePublished": "2020-02-19T15:15:44.172383Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-17T02:36:20.669Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-3323 (GCVE-0-2013-3323)

Vulnerability from cvelistv5 – Published: 2020-02-18 16:03 – Updated: 2024-08-06 16:07

Summary

A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/62685	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	x_refsource_MISC
	https://www.ibm.com/support/pages/node/235239	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:37.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62685"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/235239"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-18T16:03:12",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/bid/62685"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/235239"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-3323",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.securityfocus.com/bid/62685",
              "refsource": "MISC",
              "url": "http://www.securityfocus.com/bid/62685"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
            },
            {
              "name": "https://www.ibm.com/support/pages/node/235239",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/pages/node/235239"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-3323",
    "datePublished": "2020-02-18T16:03:12",
    "dateReserved": "2013-05-06T00:00:00",
    "dateUpdated": "2024-08-06T16:07:37.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4486 (GCVE-0-2019-4486)

Vulnerability from cvelistv5 – Published: 2019-10-24 12:00 – Updated: 2024-09-17 02:27

Summary

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070.

Severity ?

5.4 (Medium)


                        
                          CVSS:3.0/UI:R/AC:L/C:L/S:C/PR:L/A:N/AV:N/I:L/RC:C/RL:O/E:H

CWE

Cross-Site Scripting

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/pages/node/1075023	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Impacted products

	Vendor	Product	Version
	IBM	Maximo Asset Management	Affected: 7.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:40:47.470Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/1075023"
          },
          {
            "name": "ibm-maximo-cve20194486-xss (164070)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6"
            }
          ]
        }
      ],
      "datePublic": "2019-10-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/UI:R/AC:L/C:L/S:C/PR:L/A:N/AV:N/I:L/RC:C/RL:O/E:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-24T12:00:39",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/1075023"
        },
        {
          "name": "ibm-maximo-cve20194486-xss (164070)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-10-22T00:00:00",
          "ID": "CVE-2019-4486",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/1075023",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 1075023 (Maximo Asset Management)",
              "url": "https://www.ibm.com/support/pages/node/1075023"
            },
            {
              "name": "ibm-maximo-cve20194486-xss (164070)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4486",
    "datePublished": "2019-10-24T12:00:39.114131Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-17T02:27:26.425Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4512 (GCVE-0-2019-4512)

Vulnerability from cvelistv5 – Published: 2019-10-09 15:00 – Updated: 2024-09-17 02:36

Summary

IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554.

Severity ?

4.3 (Medium)


                        
                          CVSS:3.0/AV:N/I:N/C:L/S:U/UI:N/A:N/PR:L/AC:L/RC:C/E:U/RL:O

CWE

Obtain Information

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/pages/node/1075413	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Impacted products

	Vendor	Product	Version
	IBM	Maximo Asset Management	Affected: 7.6.1.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:40:47.303Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/1075413"
          },
          {
            "name": "ibm-maximo-cve20194512-info-disc (164554)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.1.1"
            }
          ]
        }
      ],
      "datePublic": "2019-10-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 3.8,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/I:N/C:L/S:U/UI:N/A:N/PR:L/AC:L/RC:C/E:U/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-09T15:00:23",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/1075413"
        },
        {
          "name": "ibm-maximo-cve20194512-info-disc (164554)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-10-08T00:00:00",
          "ID": "CVE-2019-4512",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6.1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/1075413",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 1075413 (Maximo Asset Management)",
              "url": "https://www.ibm.com/support/pages/node/1075413"
            },
            {
              "name": "ibm-maximo-cve20194512-info-disc (164554)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4512",
    "datePublished": "2019-10-09T15:00:23.883418Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-17T02:36:34.215Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4364 (GCVE-0-2019-4364)

Vulnerability from cvelistv5 – Published: 2019-06-19 13:30 – Updated: 2024-09-16 18:39

Summary

IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.0/S:U/C:L/I:L/UI:R/A:L/AC:L/AV:N/PR:L/E:U/RC:C/RL:O

CWE

Gain Privileges

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/docview.wss?uid=ibm10887557	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/bid/108910	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	IBM	Maximo Asset Management	Affected: 7.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:37.971Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557"
          },
          {
            "name": "ibm-maximo-cve20194364-code-exec (161680)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680"
          },
          {
            "name": "108910",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108910"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6"
            }
          ]
        }
      ],
      "datePublic": "2019-06-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.8,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/S:U/C:L/I:L/UI:R/A:L/AC:L/AV:N/PR:L/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-27T12:06:04",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557"
        },
        {
          "name": "ibm-maximo-cve20194364-code-exec (161680)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680"
        },
        {
          "name": "108910",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108910"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-06-17T00:00:00",
          "ID": "CVE-2019-4364",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "L",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "U",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10887557",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 887557 (Maximo Asset Management)",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557"
            },
            {
              "name": "ibm-maximo-cve20194364-code-exec (161680)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680"
            },
            {
              "name": "108910",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108910"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4364",
    "datePublished": "2019-06-19T13:30:19.753226Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-16T18:39:05.036Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4303 (GCVE-0-2019-4303)

Vulnerability from cvelistv5 – Published: 2019-06-19 13:30 – Updated: 2024-09-16 23:00

Summary

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949.

Severity ?

5.4 (Medium)


                        
                          CVSS:3.0/C:L/I:L/S:C/A:N/AC:L/UI:R/AV:N/PR:L/RL:O/RC:C/E:H

CWE

Cross-Site Scripting

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/docview.wss?uid=ibm10887563	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/bid/108912	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	IBM	Maximo Asset Management	Affected: 7.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:38.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563"
          },
          {
            "name": "ibm-maximo-cve20194303-xss (160949)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949"
          },
          {
            "name": "108912",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108912"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6"
            }
          ]
        }
      ],
      "datePublic": "2019-06-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/C:L/I:L/S:C/A:N/AC:L/UI:R/AV:N/PR:L/RL:O/RC:C/E:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-27T13:06:08",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563"
        },
        {
          "name": "ibm-maximo-cve20194303-xss (160949)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949"
        },
        {
          "name": "108912",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108912"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-06-17T00:00:00",
          "ID": "CVE-2019-4303",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10887563",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 887563 (Maximo Asset Management)",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563"
            },
            {
              "name": "ibm-maximo-cve20194303-xss (160949)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949"
            },
            {
              "name": "108912",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108912"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4303",
    "datePublished": "2019-06-19T13:30:19.709079Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-16T23:00:36.112Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4048 (GCVE-0-2019-4048)

Vulnerability from cvelistv5 – Published: 2019-06-06 00:35 – Updated: 2024-09-16 17:59

Summary

IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311.

Severity ?

2.1 (Low)


                        
                          CVSS:3.0/C:L/S:U/UI:N/A:N/I:N/PR:L/AV:P/AC:L/RL:O/E:U/RC:C

CWE

Obtain Information

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/docview.wss?uid=ibm10880147	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Impacted products

	Vendor	Product	Version
	IBM	Maximo Asset Management	Affected: 7.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:26:27.989Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880147"
          },
          {
            "name": "ibm-maximo-cve20194048-info-disc (156311)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156311"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6"
            }
          ]
        }
      ],
      "datePublic": "2019-06-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 1.9,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/C:L/S:U/UI:N/A:N/I:N/PR:L/AV:P/AC:L/RL:O/E:U/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-06T00:35:18",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880147"
        },
        {
          "name": "ibm-maximo-cve20194048-info-disc (156311)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156311"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-06-03T00:00:00",
          "ID": "CVE-2019-4048",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "P",
              "C": "L",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880147",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 880147 (Maximo Asset Management)",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880147"
            },
            {
              "name": "ibm-maximo-cve20194048-info-disc (156311)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156311"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4048",
    "datePublished": "2019-06-06T00:35:18.759822Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-16T17:59:00.803Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-2028 (GCVE-0-2018-2028)

Vulnerability from cvelistv5 – Published: 2019-06-06 00:35 – Updated: 2024-09-17 02:32

Summary

IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.0/A:N/UI:N/S:U/C:H/AC:L/PR:L/I:N/AV:N/RC:C/E:U/RL:O

CWE

Obtain Information

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/docview.wss?uid=ibm10880145	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Impacted products

	Vendor	Product	Version
	IBM	Maximo Asset Management	Affected: 7.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:14:39.540Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880145"
          },
          {
            "name": "ibm-maximo-cve20182028-info-disc (155554)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155554"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6"
            }
          ]
        }
      ],
      "datePublic": "2019-06-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:N/UI:N/S:U/C:H/AC:L/PR:L/I:N/AV:N/RC:C/E:U/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-06T00:35:18",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880145"
        },
        {
          "name": "ibm-maximo-cve20182028-info-disc (155554)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155554"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-06-03T00:00:00",
          "ID": "CVE-2018-2028",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "H",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880145",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 880145 (Maximo Asset Management)",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880145"
            },
            {
              "name": "ibm-maximo-cve20182028-info-disc (155554)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155554"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-2028",
    "datePublished": "2019-06-06T00:35:18.707579Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-17T02:32:33.413Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4056 (GCVE-0-2019-4056)

Vulnerability from cvelistv5 – Published: 2019-06-06 00:35 – Updated: 2024-09-16 17:34

Summary

IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565.

Severity ?

4.3 (Medium)


                        
                          CVSS:3.0/AC:L/I:L/PR:L/AV:N/A:N/C:N/S:U/UI:N/RC:C/RL:O/E:U

CWE

File Manipulation

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/docview.wss?uid=ibm10880149	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Impacted products

	Vendor	Product	Version
	IBM	Maximo Asset Management	Affected: 7.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:26:27.951Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880149"
          },
          {
            "name": "ibm-maximo-cve20194056-file-upload (156565)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156565"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6"
            }
          ]
        }
      ],
      "datePublic": "2019-06-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.6 Work Centers\u0027 application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 3.8,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:L/I:L/PR:L/AV:N/A:N/C:N/S:U/UI:N/RC:C/RL:O/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "File Manipulation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-06T00:35:18",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880149"
        },
        {
          "name": "ibm-maximo-cve20194056-file-upload (156565)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156565"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-06-03T00:00:00",
          "ID": "CVE-2019-4056",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.6 Work Centers\u0027 application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "N",
              "I": "L",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "File Manipulation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880149",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 880149 (Maximo Asset Management)",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880149"
            },
            {
              "name": "ibm-maximo-cve20194056-file-upload (156565)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156565"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4056",
    "datePublished": "2019-06-06T00:35:18.806739Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-16T17:34:20.207Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1528 (GCVE-0-2018-1528)

Vulnerability from cvelistv5 – Published: 2018-08-06 14:00 – Updated: 2024-09-17 03:17

Summary

IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290.

Severity ?

4.3 (Medium)


                        
                          CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O

CWE

Obtain Information

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/docview.wss?uid=swg22017450	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/105023	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Impacted products

	Vendor	Product	Version
	IBM	Maximo Asset Management	Affected: 7.6 Affected: 7.6.0 Affected: 7.6.0.1 Affected: 7.6.1 Affected: 7.6.2 Affected: 7.6.2.1 Affected: 7.6.2.2 Affected: 7.6.2.3 Affected: 7.6.2.4 Affected: 7.6.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:42.921Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=swg22017450"
          },
          {
            "name": "105023",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105023"
          },
          {
            "name": "ibm-maximo-cve20181528-info-disc(142290)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142290"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6"
            },
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "status": "affected",
              "version": "7.6.0.1"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.6.2.1"
            },
            {
              "status": "affected",
              "version": "7.6.2.2"
            },
            {
              "status": "affected",
              "version": "7.6.2.3"
            },
            {
              "status": "affected",
              "version": "7.6.2.4"
            },
            {
              "status": "affected",
              "version": "7.6.3"
            }
          ]
        }
      ],
      "datePublic": "2018-07-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 3.8,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-09T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=swg22017450"
        },
        {
          "name": "105023",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105023"
        },
        {
          "name": "ibm-maximo-cve20181528-info-disc(142290)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142290"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-07-31T00:00:00",
          "ID": "CVE-2018-1528",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6"
                          },
                          {
                            "version_value": "7.6.0"
                          },
                          {
                            "version_value": "7.6.0.1"
                          },
                          {
                            "version_value": "7.6.1"
                          },
                          {
                            "version_value": "7.6.2"
                          },
                          {
                            "version_value": "7.6.2.1"
                          },
                          {
                            "version_value": "7.6.2.2"
                          },
                          {
                            "version_value": "7.6.2.3"
                          },
                          {
                            "version_value": "7.6.2.4"
                          },
                          {
                            "version_value": "7.6.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=swg22017450",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/docview.wss?uid=swg22017450"
            },
            {
              "name": "105023",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105023"
            },
            {
              "name": "ibm-maximo-cve20181528-info-disc(142290)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142290"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1528",
    "datePublished": "2018-08-06T14:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-17T03:17:22.512Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4429 (GCVE-0-2019-4429)

Vulnerability from nvd – Published: 2020-02-19 15:15 – Updated: 2024-09-17 02:36

Summary

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886.

Severity ?

5.4 (Medium)


                        
                          CVSS:3.0/A:N/PR:L/AC:L/C:L/S:C/UI:R/AV:N/I:L/RC:C/RL:O/E:H

CWE

Cross-Site Scripting

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/pages/node/1489053	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Impacted products

	Vendor	Product	Version
	IBM	Maximo Asset Management	Affected: 7.6.0 Affected: 7.6.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:38.284Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/1489053"
          },
          {
            "name": "ibm-maximo-cve20194429-xss (162886)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162886"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            }
          ]
        }
      ],
      "datePublic": "2020-02-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/PR:L/AC:L/C:L/S:C/UI:R/AV:N/I:L/RC:C/RL:O/E:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-19T15:15:44",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/1489053"
        },
        {
          "name": "ibm-maximo-cve20194429-xss (162886)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162886"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-02-18T00:00:00",
          "ID": "CVE-2019-4429",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6.0"
                          },
                          {
                            "version_value": "7.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/1489053",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 1489053 (Maximo Asset Management)",
              "url": "https://www.ibm.com/support/pages/node/1489053"
            },
            {
              "name": "ibm-maximo-cve20194429-xss (162886)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162886"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4429",
    "datePublished": "2020-02-19T15:15:44.172383Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-17T02:36:20.669Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-3323 (GCVE-0-2013-3323)

Vulnerability from nvd – Published: 2020-02-18 16:03 – Updated: 2024-08-06 16:07

Summary

A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/62685	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	x_refsource_MISC
	https://www.ibm.com/support/pages/node/235239	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:37.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62685"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/235239"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-18T16:03:12",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/bid/62685"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/235239"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-3323",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.securityfocus.com/bid/62685",
              "refsource": "MISC",
              "url": "http://www.securityfocus.com/bid/62685"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
            },
            {
              "name": "https://www.ibm.com/support/pages/node/235239",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/pages/node/235239"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-3323",
    "datePublished": "2020-02-18T16:03:12",
    "dateReserved": "2013-05-06T00:00:00",
    "dateUpdated": "2024-08-06T16:07:37.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4486 (GCVE-0-2019-4486)

Vulnerability from nvd – Published: 2019-10-24 12:00 – Updated: 2024-09-17 02:27

Summary

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070.

Severity ?

5.4 (Medium)


                        
                          CVSS:3.0/UI:R/AC:L/C:L/S:C/PR:L/A:N/AV:N/I:L/RC:C/RL:O/E:H

CWE

Cross-Site Scripting

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/pages/node/1075023	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Impacted products

	Vendor	Product	Version
	IBM	Maximo Asset Management	Affected: 7.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:40:47.470Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/1075023"
          },
          {
            "name": "ibm-maximo-cve20194486-xss (164070)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6"
            }
          ]
        }
      ],
      "datePublic": "2019-10-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/UI:R/AC:L/C:L/S:C/PR:L/A:N/AV:N/I:L/RC:C/RL:O/E:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-24T12:00:39",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/1075023"
        },
        {
          "name": "ibm-maximo-cve20194486-xss (164070)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-10-22T00:00:00",
          "ID": "CVE-2019-4486",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/1075023",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 1075023 (Maximo Asset Management)",
              "url": "https://www.ibm.com/support/pages/node/1075023"
            },
            {
              "name": "ibm-maximo-cve20194486-xss (164070)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4486",
    "datePublished": "2019-10-24T12:00:39.114131Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-17T02:27:26.425Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4512 (GCVE-0-2019-4512)

Vulnerability from nvd – Published: 2019-10-09 15:00 – Updated: 2024-09-17 02:36

Summary

IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554.

Severity ?

4.3 (Medium)


                        
                          CVSS:3.0/AV:N/I:N/C:L/S:U/UI:N/A:N/PR:L/AC:L/RC:C/E:U/RL:O

CWE

Obtain Information

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/pages/node/1075413	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Impacted products

	Vendor	Product	Version
	IBM	Maximo Asset Management	Affected: 7.6.1.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:40:47.303Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/1075413"
          },
          {
            "name": "ibm-maximo-cve20194512-info-disc (164554)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.1.1"
            }
          ]
        }
      ],
      "datePublic": "2019-10-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 3.8,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/I:N/C:L/S:U/UI:N/A:N/PR:L/AC:L/RC:C/E:U/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-09T15:00:23",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/1075413"
        },
        {
          "name": "ibm-maximo-cve20194512-info-disc (164554)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-10-08T00:00:00",
          "ID": "CVE-2019-4512",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6.1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/1075413",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 1075413 (Maximo Asset Management)",
              "url": "https://www.ibm.com/support/pages/node/1075413"
            },
            {
              "name": "ibm-maximo-cve20194512-info-disc (164554)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4512",
    "datePublished": "2019-10-09T15:00:23.883418Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-17T02:36:34.215Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4364 (GCVE-0-2019-4364)

Vulnerability from nvd – Published: 2019-06-19 13:30 – Updated: 2024-09-16 18:39

Summary

IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.0/S:U/C:L/I:L/UI:R/A:L/AC:L/AV:N/PR:L/E:U/RC:C/RL:O

CWE

Gain Privileges

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/docview.wss?uid=ibm10887557	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/bid/108910	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	IBM	Maximo Asset Management	Affected: 7.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:37.971Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557"
          },
          {
            "name": "ibm-maximo-cve20194364-code-exec (161680)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680"
          },
          {
            "name": "108910",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108910"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6"
            }
          ]
        }
      ],
      "datePublic": "2019-06-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.8,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/S:U/C:L/I:L/UI:R/A:L/AC:L/AV:N/PR:L/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-27T12:06:04",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557"
        },
        {
          "name": "ibm-maximo-cve20194364-code-exec (161680)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680"
        },
        {
          "name": "108910",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108910"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-06-17T00:00:00",
          "ID": "CVE-2019-4364",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "L",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "U",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10887557",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 887557 (Maximo Asset Management)",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557"
            },
            {
              "name": "ibm-maximo-cve20194364-code-exec (161680)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680"
            },
            {
              "name": "108910",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108910"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4364",
    "datePublished": "2019-06-19T13:30:19.753226Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-16T18:39:05.036Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4303 (GCVE-0-2019-4303)

Vulnerability from nvd – Published: 2019-06-19 13:30 – Updated: 2024-09-16 23:00

Summary

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949.

Severity ?

5.4 (Medium)


                        
                          CVSS:3.0/C:L/I:L/S:C/A:N/AC:L/UI:R/AV:N/PR:L/RL:O/RC:C/E:H

CWE

Cross-Site Scripting

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/docview.wss?uid=ibm10887563	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/bid/108912	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	IBM	Maximo Asset Management	Affected: 7.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:38.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563"
          },
          {
            "name": "ibm-maximo-cve20194303-xss (160949)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949"
          },
          {
            "name": "108912",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108912"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6"
            }
          ]
        }
      ],
      "datePublic": "2019-06-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/C:L/I:L/S:C/A:N/AC:L/UI:R/AV:N/PR:L/RL:O/RC:C/E:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-27T13:06:08",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563"
        },
        {
          "name": "ibm-maximo-cve20194303-xss (160949)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949"
        },
        {
          "name": "108912",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108912"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-06-17T00:00:00",
          "ID": "CVE-2019-4303",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10887563",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 887563 (Maximo Asset Management)",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563"
            },
            {
              "name": "ibm-maximo-cve20194303-xss (160949)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949"
            },
            {
              "name": "108912",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108912"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4303",
    "datePublished": "2019-06-19T13:30:19.709079Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-16T23:00:36.112Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4048 (GCVE-0-2019-4048)

Vulnerability from nvd – Published: 2019-06-06 00:35 – Updated: 2024-09-16 17:59

Summary

IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311.

Severity ?

2.1 (Low)


                        
                          CVSS:3.0/C:L/S:U/UI:N/A:N/I:N/PR:L/AV:P/AC:L/RL:O/E:U/RC:C

CWE

Obtain Information

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/docview.wss?uid=ibm10880147	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Impacted products

	Vendor	Product	Version
	IBM	Maximo Asset Management	Affected: 7.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:26:27.989Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880147"
          },
          {
            "name": "ibm-maximo-cve20194048-info-disc (156311)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156311"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6"
            }
          ]
        }
      ],
      "datePublic": "2019-06-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 1.9,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/C:L/S:U/UI:N/A:N/I:N/PR:L/AV:P/AC:L/RL:O/E:U/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-06T00:35:18",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880147"
        },
        {
          "name": "ibm-maximo-cve20194048-info-disc (156311)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156311"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-06-03T00:00:00",
          "ID": "CVE-2019-4048",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "P",
              "C": "L",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880147",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 880147 (Maximo Asset Management)",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880147"
            },
            {
              "name": "ibm-maximo-cve20194048-info-disc (156311)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156311"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4048",
    "datePublished": "2019-06-06T00:35:18.759822Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-16T17:59:00.803Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-2028 (GCVE-0-2018-2028)

Vulnerability from nvd – Published: 2019-06-06 00:35 – Updated: 2024-09-17 02:32

Summary

IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.0/A:N/UI:N/S:U/C:H/AC:L/PR:L/I:N/AV:N/RC:C/E:U/RL:O

CWE

Obtain Information

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/docview.wss?uid=ibm10880145	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Impacted products

	Vendor	Product	Version
	IBM	Maximo Asset Management	Affected: 7.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:14:39.540Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880145"
          },
          {
            "name": "ibm-maximo-cve20182028-info-disc (155554)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155554"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6"
            }
          ]
        }
      ],
      "datePublic": "2019-06-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:N/UI:N/S:U/C:H/AC:L/PR:L/I:N/AV:N/RC:C/E:U/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-06T00:35:18",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880145"
        },
        {
          "name": "ibm-maximo-cve20182028-info-disc (155554)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155554"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-06-03T00:00:00",
          "ID": "CVE-2018-2028",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "H",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880145",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 880145 (Maximo Asset Management)",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880145"
            },
            {
              "name": "ibm-maximo-cve20182028-info-disc (155554)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155554"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-2028",
    "datePublished": "2019-06-06T00:35:18.707579Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-17T02:32:33.413Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4056 (GCVE-0-2019-4056)

Vulnerability from nvd – Published: 2019-06-06 00:35 – Updated: 2024-09-16 17:34

Summary

IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565.

Severity ?

4.3 (Medium)


                        
                          CVSS:3.0/AC:L/I:L/PR:L/AV:N/A:N/C:N/S:U/UI:N/RC:C/RL:O/E:U

CWE

File Manipulation

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/docview.wss?uid=ibm10880149	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Impacted products

	Vendor	Product	Version
	IBM	Maximo Asset Management	Affected: 7.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:26:27.951Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880149"
          },
          {
            "name": "ibm-maximo-cve20194056-file-upload (156565)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156565"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6"
            }
          ]
        }
      ],
      "datePublic": "2019-06-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.6 Work Centers\u0027 application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 3.8,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:L/I:L/PR:L/AV:N/A:N/C:N/S:U/UI:N/RC:C/RL:O/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "File Manipulation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-06T00:35:18",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880149"
        },
        {
          "name": "ibm-maximo-cve20194056-file-upload (156565)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156565"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-06-03T00:00:00",
          "ID": "CVE-2019-4056",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.6 Work Centers\u0027 application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "N",
              "I": "L",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "File Manipulation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880149",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 880149 (Maximo Asset Management)",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880149"
            },
            {
              "name": "ibm-maximo-cve20194056-file-upload (156565)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156565"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4056",
    "datePublished": "2019-06-06T00:35:18.806739Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-16T17:34:20.207Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1528 (GCVE-0-2018-1528)

Vulnerability from nvd – Published: 2018-08-06 14:00 – Updated: 2024-09-17 03:17

Summary

IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290.

Severity ?

4.3 (Medium)


                        
                          CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O

CWE

Obtain Information

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/docview.wss?uid=swg22017450	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/105023	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Impacted products

	Vendor	Product	Version
	IBM	Maximo Asset Management	Affected: 7.6 Affected: 7.6.0 Affected: 7.6.0.1 Affected: 7.6.1 Affected: 7.6.2 Affected: 7.6.2.1 Affected: 7.6.2.2 Affected: 7.6.2.3 Affected: 7.6.2.4 Affected: 7.6.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:42.921Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=swg22017450"
          },
          {
            "name": "105023",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105023"
          },
          {
            "name": "ibm-maximo-cve20181528-info-disc(142290)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142290"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6"
            },
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "status": "affected",
              "version": "7.6.0.1"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.6.2.1"
            },
            {
              "status": "affected",
              "version": "7.6.2.2"
            },
            {
              "status": "affected",
              "version": "7.6.2.3"
            },
            {
              "status": "affected",
              "version": "7.6.2.4"
            },
            {
              "status": "affected",
              "version": "7.6.3"
            }
          ]
        }
      ],
      "datePublic": "2018-07-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 3.8,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-09T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=swg22017450"
        },
        {
          "name": "105023",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105023"
        },
        {
          "name": "ibm-maximo-cve20181528-info-disc(142290)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142290"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-07-31T00:00:00",
          "ID": "CVE-2018-1528",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6"
                          },
                          {
                            "version_value": "7.6.0"
                          },
                          {
                            "version_value": "7.6.0.1"
                          },
                          {
                            "version_value": "7.6.1"
                          },
                          {
                            "version_value": "7.6.2"
                          },
                          {
                            "version_value": "7.6.2.1"
                          },
                          {
                            "version_value": "7.6.2.2"
                          },
                          {
                            "version_value": "7.6.2.3"
                          },
                          {
                            "version_value": "7.6.2.4"
                          },
                          {
                            "version_value": "7.6.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=swg22017450",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/docview.wss?uid=swg22017450"
            },
            {
              "name": "105023",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105023"
            },
            {
              "name": "ibm-maximo-cve20181528-info-disc(142290)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142290"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1528",
    "datePublished": "2018-08-06T14:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-17T03:17:22.512Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

195 vulnerabilities found for smartcloud_control_desk by ibm

CVE-2019-4429 (GCVE-0-2019-4429)

CVE-2013-3323 (GCVE-0-2013-3323)

CVE-2019-4486 (GCVE-0-2019-4486)

CVE-2019-4512 (GCVE-0-2019-4512)

CVE-2019-4364 (GCVE-0-2019-4364)

CVE-2019-4303 (GCVE-0-2019-4303)

CVE-2019-4048 (GCVE-0-2019-4048)

CVE-2018-2028 (GCVE-0-2018-2028)

CVE-2019-4056 (GCVE-0-2019-4056)

CVE-2018-1528 (GCVE-0-2018-1528)

CVE-2019-4429 (GCVE-0-2019-4429)

CVE-2013-3323 (GCVE-0-2013-3323)

CVE-2019-4486 (GCVE-0-2019-4486)

CVE-2019-4512 (GCVE-0-2019-4512)

CVE-2019-4364 (GCVE-0-2019-4364)

CVE-2019-4303 (GCVE-0-2019-4303)

CVE-2019-4048 (GCVE-0-2019-4048)

CVE-2018-2028 (GCVE-0-2018-2028)

CVE-2019-4056 (GCVE-0-2019-4056)

CVE-2018-1528 (GCVE-0-2018-1528)