Search criteria
39 vulnerabilities found for tivoli_integration_composer by ibm
FKIE_CVE-2020-4409
Vulnerability from fkie_nvd - Published: 2020-09-16 16:15 - Updated: 2024-11-21 05:32
Severity ?
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/179537 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6333091 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/179537 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6333091 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA7D6830-74DA-4524-8177-54CB2667A54E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7C8399-A024-45CE-A2CD-658A2D99ABDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "830412EF-C21D-4455-9396-06222B32F61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6B9EA821-8DC7-4D08-B516-CA8D0692DD29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "31FDF238-C29E-4F15-AB54-C90226BC0A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_health_insights:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA8E3FBA-9DBB-487E-99AD-5E1119150D73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_health_insights:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4989C34-4B4E-4E53-A13E-13667DCBB19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63D81A1F-4A22-4DAD-B5BE-EA825DF9C4CB",
"versionEndExcluding": "7.6.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DDD061C9-2D80-48CF-B660-68948B03F3C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "28402BF3-15EC-41F5-AD53-EC196CF3F345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "81A99155-0D86-4998-AC74-2FECE3AF277F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "69E511EF-7DE6-42CA-848C-E0FF2D04AB19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5021AA5-A4D4-4E5F-85A8-CFF038EBD9F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B80B0192-3ECE-4B44-B060-F6CE54A744C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_calibration:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "768BB000-6ED2-4289-8BCA-66981EC95BB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_enterprise_adapter:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A2A20FB3-C352-4F5C-BD5A-5814BBA837DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_enterprise_adapter:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C2AB76-29C5-46BD-ABAD-37913D3A4675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_equipment_maintenance_assistant:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEED2F57-E98D-479E-8303-2188AFA0C70B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4317DA0E-678D-468F-8BE4-8BA20C01C588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB202BE-FF6E-49AC-84FF-F454361E5D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C05DA047-26F7-413E-8259-5F88C08AE2B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "532219AE-9F4D-49B0-A625-A690C9E8A7DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "160EE7B0-4F54-41F7-9266-C22776783BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19405179-FDEF-4207-B12F-C39D49B49F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FBE6121-5166-4C7A-B4BA-4D5F46720EC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F66129CF-729D-4120-912E-E8109CF1E237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1BDF6664-537E-4CF8-9CCA-7C4746DE9B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F416A57-7B00-411D-B2D5-5BCB434568DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73EEADC8-01D0-4D80-83E4-1643603485CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7240562-D72E-4D3E-B392-3FB870320B60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C32832CB-63FC-4F9E-81A4-3A8CE2F98319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D23F86AC-2C39-42DC-83EF-3BA2DBF99A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_network_on_blockchain:7.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6CFC29-9FD2-4BE5-9A66-6FA6F94C0D7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_network_on_blockchain:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BC0DF05-9B84-45B8-924E-E4CB672F7C45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D799591-F5D0-4B17-AE32-ABED616A65AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "095BBF20-1C8F-4FBC-8D72-3A3DB5A3F68F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F0B3B2C5-E8D0-48A1-9837-40A627D7E742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8E59EA84-F607-404B-A392-7D68C5672B1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "21C989DE-2E87-4941-B0DA-9381964E2292",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, podr\u00edan permitir a un atacante remoto conducir ataques de phishing usando un ataque de tabnabbing.\u0026#xa0;Al persuadir a una v\u00edctima de visitar un sitio web especialmente dise\u00f1ado, un atacante remoto podr\u00eda explotar esta vulnerabilidad para redireccionar a un usuario a un sitio web malicioso que parecer\u00eda ser confiable.\u0026#xa0;Esto podr\u00eda permitir a un atacante obtener informaci\u00f3n altamente confidencial o conducir nuevos ataques contra la v\u00edctima.\u0026#xa0;IBM X-Force ID: 179537"
}
],
"id": "CVE-2020-4409",
"lastModified": "2024-11-21T05:32:42.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-16T16:15:15.030",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179537"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6333091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6333091"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-4644
Vulnerability from fkie_nvd - Published: 2020-04-17 14:15 - Updated: 2024-11-21 04:43
Severity ?
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/170880 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6191583 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/170880 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6191583 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA7D6830-74DA-4524-8177-54CB2667A54E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7C8399-A024-45CE-A2CD-658A2D99ABDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "830412EF-C21D-4455-9396-06222B32F61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6B9EA821-8DC7-4D08-B516-CA8D0692DD29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "31FDF238-C29E-4F15-AB54-C90226BC0A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_health_insights:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA8E3FBA-9DBB-487E-99AD-5E1119150D73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_health_insights:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4989C34-4B4E-4E53-A13E-13667DCBB19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8C5CE3F4-8ABE-4245-BD9E-8697B3E0171C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DDD061C9-2D80-48CF-B660-68948B03F3C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "28402BF3-15EC-41F5-AD53-EC196CF3F345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "81A99155-0D86-4998-AC74-2FECE3AF277F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "69E511EF-7DE6-42CA-848C-E0FF2D04AB19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5021AA5-A4D4-4E5F-85A8-CFF038EBD9F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B80B0192-3ECE-4B44-B060-F6CE54A744C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_calibration:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "768BB000-6ED2-4289-8BCA-66981EC95BB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_enterprise_adapter:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A2A20FB3-C352-4F5C-BD5A-5814BBA837DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_enterprise_adapter:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C2AB76-29C5-46BD-ABAD-37913D3A4675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_equipment_maintenance_assistant:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEED2F57-E98D-479E-8303-2188AFA0C70B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4317DA0E-678D-468F-8BE4-8BA20C01C588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB202BE-FF6E-49AC-84FF-F454361E5D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C05DA047-26F7-413E-8259-5F88C08AE2B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "532219AE-9F4D-49B0-A625-A690C9E8A7DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "160EE7B0-4F54-41F7-9266-C22776783BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19405179-FDEF-4207-B12F-C39D49B49F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FBE6121-5166-4C7A-B4BA-4D5F46720EC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F66129CF-729D-4120-912E-E8109CF1E237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1BDF6664-537E-4CF8-9CCA-7C4746DE9B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F416A57-7B00-411D-B2D5-5BCB434568DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73EEADC8-01D0-4D80-83E4-1643603485CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "45C84F5F-C612-4A0A-AD91-A4335496E934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C32832CB-63FC-4F9E-81A4-3A8CE2F98319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D23F86AC-2C39-42DC-83EF-3BA2DBF99A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_network_on_blockchain:7.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6CFC29-9FD2-4BE5-9A66-6FA6F94C0D7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_network_on_blockchain:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BC0DF05-9B84-45B8-924E-E4CB672F7C45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D799591-F5D0-4B17-AE32-ABED616A65AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "095BBF20-1C8F-4FBC-8D72-3A3DB5A3F68F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F0B3B2C5-E8D0-48A1-9837-40A627D7E742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8E59EA84-F607-404B-A392-7D68C5672B1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "21C989DE-2E87-4941-B0DA-9381964E2292",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management versi\u00f3n 7.6, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista, conllevando a una divulgaci\u00f3n de credenciales en una sesi\u00f3n confiable. IBM X-Force ID: 170880."
}
],
"id": "CVE-2019-4644",
"lastModified": "2024-11-21T04:43:54.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-17T14:15:17.833",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170880"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6191583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170880"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6191583"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-4446
Vulnerability from fkie_nvd - Published: 2020-04-17 14:15 - Updated: 2024-11-21 04:43
Severity ?
Summary
IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/163490 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6190215 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/163490 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6190215 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA7D6830-74DA-4524-8177-54CB2667A54E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7C8399-A024-45CE-A2CD-658A2D99ABDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "830412EF-C21D-4455-9396-06222B32F61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6B9EA821-8DC7-4D08-B516-CA8D0692DD29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "31FDF238-C29E-4F15-AB54-C90226BC0A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_health_insights:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA8E3FBA-9DBB-487E-99AD-5E1119150D73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_health_insights:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4989C34-4B4E-4E53-A13E-13667DCBB19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA9420-81DA-46BA-9E9D-839E226C868F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30EAD1D0-E949-488E-81BE-0C49C0E93757",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8C5CE3F4-8ABE-4245-BD9E-8697B3E0171C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DDD061C9-2D80-48CF-B660-68948B03F3C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "28402BF3-15EC-41F5-AD53-EC196CF3F345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "81A99155-0D86-4998-AC74-2FECE3AF277F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "69E511EF-7DE6-42CA-848C-E0FF2D04AB19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5021AA5-A4D4-4E5F-85A8-CFF038EBD9F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B80B0192-3ECE-4B44-B060-F6CE54A744C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_calibration:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "768BB000-6ED2-4289-8BCA-66981EC95BB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_enterprise_adapter:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A2A20FB3-C352-4F5C-BD5A-5814BBA837DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_enterprise_adapter:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C2AB76-29C5-46BD-ABAD-37913D3A4675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_equipment_maintenance_assistant_on-premises:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28507169-71F2-4F97-BC1D-3A7935290762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4317DA0E-678D-468F-8BE4-8BA20C01C588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB202BE-FF6E-49AC-84FF-F454361E5D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C05DA047-26F7-413E-8259-5F88C08AE2B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "532219AE-9F4D-49B0-A625-A690C9E8A7DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "160EE7B0-4F54-41F7-9266-C22776783BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19405179-FDEF-4207-B12F-C39D49B49F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FBE6121-5166-4C7A-B4BA-4D5F46720EC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F66129CF-729D-4120-912E-E8109CF1E237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1BDF6664-537E-4CF8-9CCA-7C4746DE9B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F416A57-7B00-411D-B2D5-5BCB434568DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73EEADC8-01D0-4D80-83E4-1643603485CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "45C84F5F-C612-4A0A-AD91-A4335496E934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C32832CB-63FC-4F9E-81A4-3A8CE2F98319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D23F86AC-2C39-42DC-83EF-3BA2DBF99A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_network_on_blockchain:7.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6CFC29-9FD2-4BE5-9A66-6FA6F94C0D7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_network_on_blockchain:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BC0DF05-9B84-45B8-924E-E4CB672F7C45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "21C989DE-2E87-4941-B0DA-9381964E2292",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management versi\u00f3n 7.6, podr\u00eda permitir a un usuario autentificado realizar acciones a las que no est\u00e1 autorizado al modificar los par\u00e1metros de petici\u00f3n. IBM X-Force ID: 163490."
}
],
"id": "CVE-2019-4446",
"lastModified": "2024-11-21T04:43:37.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-17T14:15:17.507",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163490"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6190215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6190215"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-4749
Vulnerability from fkie_nvd - Published: 2020-04-17 14:15 - Updated: 2024-11-21 04:44
Severity ?
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/173308 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6193479 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/173308 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6193479 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA7D6830-74DA-4524-8177-54CB2667A54E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7C8399-A024-45CE-A2CD-658A2D99ABDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "830412EF-C21D-4455-9396-06222B32F61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6B9EA821-8DC7-4D08-B516-CA8D0692DD29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "31FDF238-C29E-4F15-AB54-C90226BC0A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_health_insights:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA8E3FBA-9DBB-487E-99AD-5E1119150D73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_health_insights:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4989C34-4B4E-4E53-A13E-13667DCBB19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8C5CE3F4-8ABE-4245-BD9E-8697B3E0171C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DDD061C9-2D80-48CF-B660-68948B03F3C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "28402BF3-15EC-41F5-AD53-EC196CF3F345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "81A99155-0D86-4998-AC74-2FECE3AF277F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "69E511EF-7DE6-42CA-848C-E0FF2D04AB19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5021AA5-A4D4-4E5F-85A8-CFF038EBD9F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B80B0192-3ECE-4B44-B060-F6CE54A744C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_calibration:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "768BB000-6ED2-4289-8BCA-66981EC95BB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_enterprise_adapter:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A2A20FB3-C352-4F5C-BD5A-5814BBA837DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_enterprise_adapter:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C2AB76-29C5-46BD-ABAD-37913D3A4675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_equipment_maintenance_assistant:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEED2F57-E98D-479E-8303-2188AFA0C70B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4317DA0E-678D-468F-8BE4-8BA20C01C588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB202BE-FF6E-49AC-84FF-F454361E5D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C05DA047-26F7-413E-8259-5F88C08AE2B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "532219AE-9F4D-49B0-A625-A690C9E8A7DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "160EE7B0-4F54-41F7-9266-C22776783BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19405179-FDEF-4207-B12F-C39D49B49F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FBE6121-5166-4C7A-B4BA-4D5F46720EC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F66129CF-729D-4120-912E-E8109CF1E237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1BDF6664-537E-4CF8-9CCA-7C4746DE9B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F416A57-7B00-411D-B2D5-5BCB434568DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73EEADC8-01D0-4D80-83E4-1643603485CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "45C84F5F-C612-4A0A-AD91-A4335496E934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C32832CB-63FC-4F9E-81A4-3A8CE2F98319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D23F86AC-2C39-42DC-83EF-3BA2DBF99A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_network_on_blockchain:7.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6CFC29-9FD2-4BE5-9A66-6FA6F94C0D7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_network_on_blockchain:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BC0DF05-9B84-45B8-924E-E4CB672F7C45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D799591-F5D0-4B17-AE32-ABED616A65AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "095BBF20-1C8F-4FBC-8D72-3A3DB5A3F68F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F0B3B2C5-E8D0-48A1-9837-40A627D7E742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8E59EA84-F607-404B-A392-7D68C5672B1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "797807D9-2137-414A-BB28-46DBC0288161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8708C64F-7940-46E7-94FB-1D1CF3B864B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management versi\u00f3n 7.6, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista, conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. IBM X-Force ID: 173308."
}
],
"id": "CVE-2019-4749",
"lastModified": "2024-11-21T04:44:06.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-17T14:15:17.957",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173308"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6193479"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6193479"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-4429
Vulnerability from fkie_nvd - Published: 2020-02-19 16:15 - Updated: 2024-11-21 04:43
Severity ?
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/162886 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1489053 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/162886 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1489053 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | control_desk | 7.6.1 | |
| ibm | control_desk | 7.6.1.1 | |
| ibm | maximo_anywhere | 7.6.0.0 | |
| ibm | maximo_anywhere | 7.6.1.0 | |
| ibm | maximo_for_aviation | 7.6.6 | |
| ibm | maximo_for_aviation | 7.6.7 | |
| ibm | maximo_for_aviation | 7.6.8 | |
| ibm | maximo_for_life_sciences | 7.6 | |
| ibm | maximo_for_nuclear_power | 7.6.1 | |
| ibm | maximo_for_oil_and_gas | 7.6.1 | |
| ibm | maximo_for_transportation | 7.6.2.3 | |
| ibm | maximo_for_transportation | 7.6.2.4 | |
| ibm | maximo_for_transportation | 7.6.2.5 | |
| ibm | maximo_for_utilities | 7.6.0.1 | |
| ibm | maximo_for_utilities | 7.6.0.2 | |
| ibm | smartcloud_control_desk | - | |
| ibm | tivoli_integration_composer | 7.6.0.1 | |
| ibm | tivoli_integration_composer | 7.6.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA7D6830-74DA-4524-8177-54CB2667A54E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7C8399-A024-45CE-A2CD-658A2D99ABDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_anywhere:7.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "67CD3018-546A-4CFF-B28B-A7DF2EE71634",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_anywhere:7.6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E203B3E-6A26-40BD-8F72-B738D4BF6EDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4317DA0E-678D-468F-8BE4-8BA20C01C588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB202BE-FF6E-49AC-84FF-F454361E5D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C05DA047-26F7-413E-8259-5F88C08AE2B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "532219AE-9F4D-49B0-A625-A690C9E8A7DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "160EE7B0-4F54-41F7-9266-C22776783BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1BDF6664-537E-4CF8-9CCA-7C4746DE9B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F416A57-7B00-411D-B2D5-5BCB434568DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73EEADC8-01D0-4D80-83E4-1643603485CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "797807D9-2137-414A-BB28-46DBC0288161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8708C64F-7940-46E7-94FB-1D1CF3B864B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a un usuario insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 162886."
}
],
"id": "CVE-2019-4429",
"lastModified": "2024-11-21T04:43:35.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-19T16:15:11.187",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162886"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1489053"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1489053"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-4486
Vulnerability from fkie_nvd - Published: 2019-10-24 12:15 - Updated: 2024-11-21 04:43
Severity ?
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/164070 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1075023 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/164070 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1075023 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | maximo_asset_management | * | |
| ibm | maximo_asset_management | * | |
| ibm | maximo_for_aviation | 7.6 | |
| ibm | maximo_for_aviation | 7.6.1 | |
| ibm | maximo_for_aviation | 7.6.2 | |
| ibm | maximo_for_aviation | 7.6.2.1 | |
| ibm | maximo_for_aviation | 7.6.3 | |
| ibm | maximo_for_life_sciences | 7.6 | |
| ibm | maximo_for_nuclear_power | 7.6.0 | |
| ibm | maximo_for_oil_and_gas | 7.6.0 | |
| ibm | maximo_for_transportation | 7.6.1 | |
| ibm | maximo_for_transportation | 7.6.2 | |
| ibm | maximo_for_transportation | 7.6.2.1 | |
| ibm | maximo_for_transportation | 7.6.2.2 | |
| ibm | maximo_for_transportation | 7.6.2.3 | |
| ibm | maximo_for_transportation | 7.6.2.4 | |
| ibm | maximo_for_utilities | 7.6 | |
| ibm | smartcloud_control_desk | 7.6.0 | |
| ibm | smartcloud_control_desk | 7.6.0.1 | |
| ibm | tivoli_integration_composer | 7.2.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09D8BBE4-26EC-4488-95B7-32B46C574CA9",
"versionEndExcluding": "7.6.0.10",
"versionStartIncluding": "7.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C55730A-B02C-4EBF-BBB1-0BEB566D8817",
"versionEndExcluding": "7.6.1.1",
"versionStartIncluding": "7.6.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4ED8884A-10E2-41F8-B057-126F5503D5F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54B1037D-F4D1-4CD6-BBD7-6E72EB4A1620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05AF2B2A-A380-45BA-867F-11F0FD159590",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management versi\u00f3n 7.6, es vulnerable a un problema de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 164070."
}
],
"id": "CVE-2019-4486",
"lastModified": "2024-11-21T04:43:39.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-24T12:15:12.070",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1075023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1075023"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-4512
Vulnerability from fkie_nvd - Published: 2019-10-09 16:15 - Updated: 2024-11-21 04:43
Severity ?
Summary
IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/164554 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1075413 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/164554 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1075413 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | maximo_asset_management | 7.6.1.1 | |
| ibm | control_desk | 7.6.0 | |
| ibm | control_desk | 7.6.0.1 | |
| ibm | maximo_for_aviation | 7.6 | |
| ibm | maximo_for_aviation | 7.6.1 | |
| ibm | maximo_for_aviation | 7.6.2 | |
| ibm | maximo_for_aviation | 7.6.2.1 | |
| ibm | maximo_for_aviation | 7.6.3 | |
| ibm | maximo_for_life_sciences | 7.6 | |
| ibm | maximo_for_nuclear_power | 7.6.0 | |
| ibm | maximo_for_oil_and_gas | 7.6.0 | |
| ibm | maximo_for_transportation | 7.6.1 | |
| ibm | maximo_for_transportation | 7.6.2 | |
| ibm | maximo_for_transportation | 7.6.2.1 | |
| ibm | maximo_for_transportation | 7.6.2.2 | |
| ibm | maximo_for_transportation | 7.6.2.3 | |
| ibm | maximo_for_transportation | 7.6.2.4 | |
| ibm | maximo_for_utilities | 7.6 | |
| ibm | smartcloud_control_desk | - | |
| ibm | tivoli_integration_composer | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8C5CE3F4-8ABE-4245-BD9E-8697B3E0171C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management versi\u00f3n 7.6.1.1, genera un mensaje de error que incluye informaci\u00f3n confidencial que podr\u00eda ser usada en futuros ataques contra el sistema. ID de IBM X-Force: 164554."
}
],
"id": "CVE-2019-4512",
"lastModified": "2024-11-21T04:43:40.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-09T16:15:16.267",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1075413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1075413"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-4364
Vulnerability from fkie_nvd - Published: 2019-06-19 14:15 - Updated: 2024-11-21 04:43
Severity ?
Summary
IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/108910 | Broken Link, Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/161680 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10887557 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108910 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/161680 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10887557 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | maximo_asset_management | 7.6 | |
| ibm | control_desk | 7.6.0 | |
| ibm | control_desk | 7.6.0.1 | |
| ibm | maximo_for_aviation | 7.6 | |
| ibm | maximo_for_aviation | 7.6.1 | |
| ibm | maximo_for_aviation | 7.6.2 | |
| ibm | maximo_for_aviation | 7.6.2.1 | |
| ibm | maximo_for_aviation | 7.6.3 | |
| ibm | maximo_for_life_sciences | 7.6 | |
| ibm | maximo_for_nuclear_power | 7.6.0 | |
| ibm | maximo_for_oil_and_gas | 7.6.0 | |
| ibm | maximo_for_transportation | 7.6.1 | |
| ibm | maximo_for_transportation | 7.6.2 | |
| ibm | maximo_for_transportation | 7.6.2.1 | |
| ibm | maximo_for_transportation | 7.6.2.2 | |
| ibm | maximo_for_transportation | 7.6.2.3 | |
| ibm | maximo_for_transportation | 7.6.2.4 | |
| ibm | maximo_for_utilities | 7.6 | |
| ibm | smartcloud_control_desk | - | |
| ibm | tivoli_integration_composer | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management versi\u00f3n 7.6 es vulnerable a la inyecci\u00f3n de CSV, lo que podr\u00eda permitir que un atacante remoto autenticado ejecute comandos arbitrarios en el sistema. ID de IBM X-Force: 161680."
}
],
"id": "CVE-2019-4364",
"lastModified": "2024-11-21T04:43:30.613",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-19T14:15:11.020",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108910"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-4303
Vulnerability from fkie_nvd - Published: 2019-06-19 14:15 - Updated: 2024-11-21 04:43
Severity ?
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/108912 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/160949 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10887563 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108912 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/160949 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10887563 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | maximo_asset_management | 7.6 | |
| ibm | control_desk | 7.6.0 | |
| ibm | control_desk | 7.6.0.1 | |
| ibm | maximo_for_aviation | 7.6 | |
| ibm | maximo_for_aviation | 7.6.1 | |
| ibm | maximo_for_aviation | 7.6.2 | |
| ibm | maximo_for_aviation | 7.6.2.1 | |
| ibm | maximo_for_aviation | 7.6.3 | |
| ibm | maximo_for_life_sciences | 7.6 | |
| ibm | maximo_for_nuclear_power | 7.6.0 | |
| ibm | maximo_for_oil_and_gas | 7.6.0 | |
| ibm | maximo_for_transportation | 7.6.1 | |
| ibm | maximo_for_transportation | 7.6.2 | |
| ibm | maximo_for_transportation | 7.6.2.1 | |
| ibm | maximo_for_transportation | 7.6.2.2 | |
| ibm | maximo_for_transportation | 7.6.2.3 | |
| ibm | maximo_for_transportation | 7.6.2.4 | |
| ibm | maximo_for_utilities | 7.6 | |
| ibm | smartcloud_control_desk | - | |
| ibm | tivoli_integration_composer | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management versi\u00f3n 7.6 es vulnerable a cross-site-scripting (XSS). Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera la funcionalidad prevista que puede conllevar a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza. ID de IBM X-Force: 160949."
}
],
"id": "CVE-2019-4303",
"lastModified": "2024-11-21T04:43:26.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-19T14:15:10.973",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108912"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108912"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-4048
Vulnerability from fkie_nvd - Published: 2019-06-06 01:29 - Updated: 2024-11-21 04:43
Severity ?
Summary
IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/156311 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10880147 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/156311 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10880147 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | control_desk | 7.6.0 | |
| ibm | control_desk | 7.6.0.1 | |
| ibm | control_desk | 7.6.1 | |
| ibm | maximo_asset_management | 7.6 | |
| ibm | maximo_for_aviation | 7.6 | |
| ibm | maximo_for_aviation | 7.6.1 | |
| ibm | maximo_for_aviation | 7.6.2 | |
| ibm | maximo_for_aviation | 7.6.2.1 | |
| ibm | maximo_for_aviation | 7.6.3 | |
| ibm | maximo_for_life_sciences | 7.6 | |
| ibm | maximo_for_nuclear_power | 7.6.0 | |
| ibm | maximo_for_oil_and_gas | 7.6.0 | |
| ibm | maximo_for_transportation | 7.6.1 | |
| ibm | maximo_for_transportation | 7.6.2 | |
| ibm | maximo_for_transportation | 7.6.2.1 | |
| ibm | maximo_for_transportation | 7.6.2.2 | |
| ibm | maximo_for_transportation | 7.6.2.3 | |
| ibm | maximo_for_transportation | 7.6.2.4 | |
| ibm | maximo_for_utilities | 7.6 | |
| ibm | smartcloud_control_desk | - | |
| ibm | tivoli_integration_composer | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA7D6830-74DA-4524-8177-54CB2667A54E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management versi\u00f3n 7.6 podr\u00eda permitir a un usuario f\u00edsico del sistema obtener informaci\u00f3n confidencial de un usuario anterior de la misma m\u00e1quina. ID de IBM X-Force: 156311."
}
],
"id": "CVE-2019-4048",
"lastModified": "2024-11-21T04:43:05.247",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.7,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-06T01:29:00.290",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156311"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880147"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-4056
Vulnerability from fkie_nvd - Published: 2019-06-06 01:29 - Updated: 2024-11-21 04:43
Severity ?
Summary
IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/156565 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10880149 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/156565 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10880149 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | control_desk | 7.6.0 | |
| ibm | control_desk | 7.6.0.1 | |
| ibm | maximo_asset_management | 7.6 | |
| ibm | maximo_for_aviation | 7.6 | |
| ibm | maximo_for_aviation | 7.6.1 | |
| ibm | maximo_for_aviation | 7.6.2 | |
| ibm | maximo_for_aviation | 7.6.2.1 | |
| ibm | maximo_for_aviation | 7.6.3 | |
| ibm | maximo_for_life_sciences | 7.6 | |
| ibm | maximo_for_nuclear_power | 7.6.0 | |
| ibm | maximo_for_oil_and_gas | 7.6.0 | |
| ibm | maximo_for_transportation | 7.6.1 | |
| ibm | maximo_for_transportation | 7.6.2 | |
| ibm | maximo_for_transportation | 7.6.2.1 | |
| ibm | maximo_for_transportation | 7.6.2.2 | |
| ibm | maximo_for_transportation | 7.6.2.3 | |
| ibm | maximo_for_transportation | 7.6.2.4 | |
| ibm | maximo_for_utilities | 7.6 | |
| ibm | smartcloud_control_desk | - | |
| ibm | tivoli_integration_composer | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 Work Centers\u0027 application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n Work Center de IBM Maximo Asset Management versi\u00f3n 7.6 no comprueba el tipo de archivo en la carga, lo que permite a los atacantes cargar archivos maliciosos. ID de IBM X-Force: 156565."
}
],
"id": "CVE-2019-4056",
"lastModified": "2024-11-21T04:43:05.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-06T01:29:00.337",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156565"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880149"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-2028
Vulnerability from fkie_nvd - Published: 2019-06-06 01:29 - Updated: 2024-11-21 04:03
Severity ?
Summary
IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/155554 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10880145 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/155554 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10880145 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | control_desk | 7.6.0 | |
| ibm | control_desk | 7.6.0.1 | |
| ibm | maximo_asset_management | 7.6 | |
| ibm | maximo_for_aviation | 7.6 | |
| ibm | maximo_for_aviation | 7.6.1 | |
| ibm | maximo_for_aviation | 7.6.2 | |
| ibm | maximo_for_aviation | 7.6.2.1 | |
| ibm | maximo_for_aviation | 7.6.3 | |
| ibm | maximo_for_life_sciences | 7.6 | |
| ibm | maximo_for_nuclear_power | 7.6.0 | |
| ibm | maximo_for_oil_and_gas | 7.6.0 | |
| ibm | maximo_for_transportation | 7.6.1 | |
| ibm | maximo_for_transportation | 7.6.2 | |
| ibm | maximo_for_transportation | 7.6.2.1 | |
| ibm | maximo_for_transportation | 7.6.2.2 | |
| ibm | maximo_for_transportation | 7.6.2.3 | |
| ibm | maximo_for_transportation | 7.6.2.4 | |
| ibm | maximo_for_utilities | 7.6 | |
| ibm | smartcloud_control_desk | - | |
| ibm | tivoli_integration_composer | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management versi\u00f3n 7.6 podr\u00eda permitir que un usuario autenticado sustituya una p\u00e1gina de destino por un sitio de phishing, lo que permitir\u00eda al atacante obtener informaci\u00f3n muy confidencial. ID de IBM X-Force: 155554."
}
],
"id": "CVE-2018-2028",
"lastModified": "2024-11-21T04:03:36.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-06T01:29:00.227",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155554"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880145"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-4409 (GCVE-0-2020-4409)
Vulnerability from cvelistv5 – Published: 2020-09-16 15:55 – Updated: 2024-09-16 17:59
VLAI?
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537.
Severity ?
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.6.0
Affected: 7.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:00:07.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6333091"
},
{
"name": "ibm-maximo-cve20204409-gain-access (179537)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179537"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6.0"
},
{
"status": "affected",
"version": "7.6.1"
}
]
}
],
"datePublic": "2020-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/PR:L/C:N/UI:R/I:H/A:N/AC:L/S:C/AV:N/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-16T15:55:14",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6333091"
},
{
"name": "ibm-maximo-cve20204409-gain-access (179537)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179537"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-09-15T00:00:00",
"ID": "CVE-2020-4409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6.0"
},
{
"version_value": "7.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "H",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6333091",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6333091 (Maximo Asset Management)",
"url": "https://www.ibm.com/support/pages/node/6333091"
},
{
"name": "ibm-maximo-cve20204409-gain-access (179537)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179537"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4409",
"datePublished": "2020-09-16T15:55:14.429944Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T17:59:43.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4749 (GCVE-0-2019-4749)
Vulnerability from cvelistv5 – Published: 2020-04-17 13:25 – Updated: 2024-09-17 03:22
VLAI?
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:49.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6193479"
},
{
"name": "ibm-maximo-cve20194749-xss (173308)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173308"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2020-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/PR:L/UI:R/AV:N/A:N/AC:L/C:L/I:L/S:C/RC:C/RL:O/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-17T13:25:26",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6193479"
},
{
"name": "ibm-maximo-cve20194749-xss (173308)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173308"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-04-16T00:00:00",
"ID": "CVE-2019-4749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6193479",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6193479 (Maximo Asset Management)",
"url": "https://www.ibm.com/support/pages/node/6193479"
},
{
"name": "ibm-maximo-cve20194749-xss (173308)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173308"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4749",
"datePublished": "2020-04-17T13:25:26.685011Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T03:22:52.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4644 (GCVE-0-2019-4644)
Vulnerability from cvelistv5 – Published: 2020-04-17 13:25 – Updated: 2024-09-16 19:01
VLAI?
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:47.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6191583"
},
{
"name": "ibm-maximo-cve20194644-xss (170880)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170880"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2020-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/C:L/S:C/I:L/A:N/PR:N/UI:R/AV:N/E:H/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-17T13:25:26",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6191583"
},
{
"name": "ibm-maximo-cve20194644-xss (170880)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170880"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-04-16T00:00:00",
"ID": "CVE-2019-4644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6191583",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6191583 (Maximo Asset Management)",
"url": "https://www.ibm.com/support/pages/node/6191583"
},
{
"name": "ibm-maximo-cve20194644-xss (170880)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170880"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4644",
"datePublished": "2020-04-17T13:25:26.254254Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T19:01:05.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4446 (GCVE-0-2019-4446)
Vulnerability from cvelistv5 – Published: 2020-04-17 13:25 – Updated: 2024-09-16 17:38
VLAI?
Summary
IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:38.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6190215"
},
{
"name": "ibm-maximo-cve20194446-insecure-perms (163490)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163490"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2020-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/UI:N/AV:N/PR:L/A:N/I:L/S:U/C:L/AC:L/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-17T13:25:25",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6190215"
},
{
"name": "ibm-maximo-cve20194446-insecure-perms (163490)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163490"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-04-16T00:00:00",
"ID": "CVE-2019-4446",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6190215",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6190215 (Maximo Asset Management)",
"url": "https://www.ibm.com/support/pages/node/6190215"
},
{
"name": "ibm-maximo-cve20194446-insecure-perms (163490)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163490"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4446",
"datePublished": "2020-04-17T13:25:25.783081Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T17:38:35.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4429 (GCVE-0-2019-4429)
Vulnerability from cvelistv5 – Published: 2020-02-19 15:15 – Updated: 2024-09-17 02:36
VLAI?
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.6.0
Affected: 7.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:38.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/1489053"
},
{
"name": "ibm-maximo-cve20194429-xss (162886)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162886"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6.0"
},
{
"status": "affected",
"version": "7.6.1"
}
]
}
],
"datePublic": "2020-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/PR:L/AC:L/C:L/S:C/UI:R/AV:N/I:L/RC:C/RL:O/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-19T15:15:44",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/1489053"
},
{
"name": "ibm-maximo-cve20194429-xss (162886)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162886"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-02-18T00:00:00",
"ID": "CVE-2019-4429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6.0"
},
{
"version_value": "7.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1489053",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1489053 (Maximo Asset Management)",
"url": "https://www.ibm.com/support/pages/node/1489053"
},
{
"name": "ibm-maximo-cve20194429-xss (162886)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162886"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4429",
"datePublished": "2020-02-19T15:15:44.172383Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:36:20.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4486 (GCVE-0-2019-4486)
Vulnerability from cvelistv5 – Published: 2019-10-24 12:00 – Updated: 2024-09-17 02:27
VLAI?
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:47.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/1075023"
},
{
"name": "ibm-maximo-cve20194486-xss (164070)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2019-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/UI:R/AC:L/C:L/S:C/PR:L/A:N/AV:N/I:L/RC:C/RL:O/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-24T12:00:39",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/1075023"
},
{
"name": "ibm-maximo-cve20194486-xss (164070)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-10-22T00:00:00",
"ID": "CVE-2019-4486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1075023",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1075023 (Maximo Asset Management)",
"url": "https://www.ibm.com/support/pages/node/1075023"
},
{
"name": "ibm-maximo-cve20194486-xss (164070)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4486",
"datePublished": "2019-10-24T12:00:39.114131Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:27:26.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4512 (GCVE-0-2019-4512)
Vulnerability from cvelistv5 – Published: 2019-10-09 15:00 – Updated: 2024-09-17 02:36
VLAI?
Summary
IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.6.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:47.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/1075413"
},
{
"name": "ibm-maximo-cve20194512-info-disc (164554)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6.1.1"
}
]
}
],
"datePublic": "2019-10-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/I:N/C:L/S:U/UI:N/A:N/PR:L/AC:L/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-09T15:00:23",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/1075413"
},
{
"name": "ibm-maximo-cve20194512-info-disc (164554)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-10-08T00:00:00",
"ID": "CVE-2019-4512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6.1.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1075413",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1075413 (Maximo Asset Management)",
"url": "https://www.ibm.com/support/pages/node/1075413"
},
{
"name": "ibm-maximo-cve20194512-info-disc (164554)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4512",
"datePublished": "2019-10-09T15:00:23.883418Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:36:34.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4364 (GCVE-0-2019-4364)
Vulnerability from cvelistv5 – Published: 2019-06-19 13:30 – Updated: 2024-09-16 18:39
VLAI?
Summary
IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680.
Severity ?
CWE
- Gain Privileges
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:37.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557"
},
{
"name": "ibm-maximo-cve20194364-code-exec (161680)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680"
},
{
"name": "108910",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108910"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2019-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/S:U/C:L/I:L/UI:R/A:L/AC:L/AV:N/PR:L/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-27T12:06:04",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557"
},
{
"name": "ibm-maximo-cve20194364-code-exec (161680)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680"
},
{
"name": "108910",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108910"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-17T00:00:00",
"ID": "CVE-2019-4364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "U",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10887557",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 887557 (Maximo Asset Management)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557"
},
{
"name": "ibm-maximo-cve20194364-code-exec (161680)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680"
},
{
"name": "108910",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108910"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4364",
"datePublished": "2019-06-19T13:30:19.753226Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T18:39:05.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4303 (GCVE-0-2019-4303)
Vulnerability from cvelistv5 – Published: 2019-06-19 13:30 – Updated: 2024-09-16 23:00
VLAI?
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:38.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563"
},
{
"name": "ibm-maximo-cve20194303-xss (160949)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949"
},
{
"name": "108912",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108912"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2019-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/C:L/I:L/S:C/A:N/AC:L/UI:R/AV:N/PR:L/RL:O/RC:C/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-27T13:06:08",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563"
},
{
"name": "ibm-maximo-cve20194303-xss (160949)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949"
},
{
"name": "108912",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108912"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-17T00:00:00",
"ID": "CVE-2019-4303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10887563",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 887563 (Maximo Asset Management)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563"
},
{
"name": "ibm-maximo-cve20194303-xss (160949)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949"
},
{
"name": "108912",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108912"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4303",
"datePublished": "2019-06-19T13:30:19.709079Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T23:00:36.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4409 (GCVE-0-2020-4409)
Vulnerability from nvd – Published: 2020-09-16 15:55 – Updated: 2024-09-16 17:59
VLAI?
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537.
Severity ?
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.6.0
Affected: 7.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:00:07.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6333091"
},
{
"name": "ibm-maximo-cve20204409-gain-access (179537)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179537"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6.0"
},
{
"status": "affected",
"version": "7.6.1"
}
]
}
],
"datePublic": "2020-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/PR:L/C:N/UI:R/I:H/A:N/AC:L/S:C/AV:N/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-16T15:55:14",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6333091"
},
{
"name": "ibm-maximo-cve20204409-gain-access (179537)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179537"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-09-15T00:00:00",
"ID": "CVE-2020-4409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6.0"
},
{
"version_value": "7.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "H",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6333091",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6333091 (Maximo Asset Management)",
"url": "https://www.ibm.com/support/pages/node/6333091"
},
{
"name": "ibm-maximo-cve20204409-gain-access (179537)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179537"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4409",
"datePublished": "2020-09-16T15:55:14.429944Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T17:59:43.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4749 (GCVE-0-2019-4749)
Vulnerability from nvd – Published: 2020-04-17 13:25 – Updated: 2024-09-17 03:22
VLAI?
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:49.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6193479"
},
{
"name": "ibm-maximo-cve20194749-xss (173308)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173308"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2020-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/PR:L/UI:R/AV:N/A:N/AC:L/C:L/I:L/S:C/RC:C/RL:O/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-17T13:25:26",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6193479"
},
{
"name": "ibm-maximo-cve20194749-xss (173308)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173308"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-04-16T00:00:00",
"ID": "CVE-2019-4749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6193479",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6193479 (Maximo Asset Management)",
"url": "https://www.ibm.com/support/pages/node/6193479"
},
{
"name": "ibm-maximo-cve20194749-xss (173308)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173308"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4749",
"datePublished": "2020-04-17T13:25:26.685011Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T03:22:52.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4644 (GCVE-0-2019-4644)
Vulnerability from nvd – Published: 2020-04-17 13:25 – Updated: 2024-09-16 19:01
VLAI?
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:47.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6191583"
},
{
"name": "ibm-maximo-cve20194644-xss (170880)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170880"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2020-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/C:L/S:C/I:L/A:N/PR:N/UI:R/AV:N/E:H/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-17T13:25:26",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6191583"
},
{
"name": "ibm-maximo-cve20194644-xss (170880)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170880"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-04-16T00:00:00",
"ID": "CVE-2019-4644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6191583",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6191583 (Maximo Asset Management)",
"url": "https://www.ibm.com/support/pages/node/6191583"
},
{
"name": "ibm-maximo-cve20194644-xss (170880)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170880"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4644",
"datePublished": "2020-04-17T13:25:26.254254Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T19:01:05.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4446 (GCVE-0-2019-4446)
Vulnerability from nvd – Published: 2020-04-17 13:25 – Updated: 2024-09-16 17:38
VLAI?
Summary
IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:38.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6190215"
},
{
"name": "ibm-maximo-cve20194446-insecure-perms (163490)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163490"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2020-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/UI:N/AV:N/PR:L/A:N/I:L/S:U/C:L/AC:L/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-17T13:25:25",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6190215"
},
{
"name": "ibm-maximo-cve20194446-insecure-perms (163490)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163490"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-04-16T00:00:00",
"ID": "CVE-2019-4446",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6190215",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6190215 (Maximo Asset Management)",
"url": "https://www.ibm.com/support/pages/node/6190215"
},
{
"name": "ibm-maximo-cve20194446-insecure-perms (163490)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163490"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4446",
"datePublished": "2020-04-17T13:25:25.783081Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T17:38:35.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4429 (GCVE-0-2019-4429)
Vulnerability from nvd – Published: 2020-02-19 15:15 – Updated: 2024-09-17 02:36
VLAI?
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.6.0
Affected: 7.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:38.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/1489053"
},
{
"name": "ibm-maximo-cve20194429-xss (162886)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162886"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6.0"
},
{
"status": "affected",
"version": "7.6.1"
}
]
}
],
"datePublic": "2020-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/PR:L/AC:L/C:L/S:C/UI:R/AV:N/I:L/RC:C/RL:O/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-19T15:15:44",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/1489053"
},
{
"name": "ibm-maximo-cve20194429-xss (162886)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162886"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-02-18T00:00:00",
"ID": "CVE-2019-4429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6.0"
},
{
"version_value": "7.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1489053",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1489053 (Maximo Asset Management)",
"url": "https://www.ibm.com/support/pages/node/1489053"
},
{
"name": "ibm-maximo-cve20194429-xss (162886)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162886"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4429",
"datePublished": "2020-02-19T15:15:44.172383Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:36:20.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4486 (GCVE-0-2019-4486)
Vulnerability from nvd – Published: 2019-10-24 12:00 – Updated: 2024-09-17 02:27
VLAI?
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:47.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/1075023"
},
{
"name": "ibm-maximo-cve20194486-xss (164070)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2019-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/UI:R/AC:L/C:L/S:C/PR:L/A:N/AV:N/I:L/RC:C/RL:O/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-24T12:00:39",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/1075023"
},
{
"name": "ibm-maximo-cve20194486-xss (164070)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-10-22T00:00:00",
"ID": "CVE-2019-4486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1075023",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1075023 (Maximo Asset Management)",
"url": "https://www.ibm.com/support/pages/node/1075023"
},
{
"name": "ibm-maximo-cve20194486-xss (164070)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4486",
"datePublished": "2019-10-24T12:00:39.114131Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:27:26.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4512 (GCVE-0-2019-4512)
Vulnerability from nvd – Published: 2019-10-09 15:00 – Updated: 2024-09-17 02:36
VLAI?
Summary
IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.6.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:47.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/1075413"
},
{
"name": "ibm-maximo-cve20194512-info-disc (164554)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6.1.1"
}
]
}
],
"datePublic": "2019-10-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/I:N/C:L/S:U/UI:N/A:N/PR:L/AC:L/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-09T15:00:23",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/1075413"
},
{
"name": "ibm-maximo-cve20194512-info-disc (164554)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-10-08T00:00:00",
"ID": "CVE-2019-4512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6.1.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1075413",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1075413 (Maximo Asset Management)",
"url": "https://www.ibm.com/support/pages/node/1075413"
},
{
"name": "ibm-maximo-cve20194512-info-disc (164554)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4512",
"datePublished": "2019-10-09T15:00:23.883418Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:36:34.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4364 (GCVE-0-2019-4364)
Vulnerability from nvd – Published: 2019-06-19 13:30 – Updated: 2024-09-16 18:39
VLAI?
Summary
IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680.
Severity ?
CWE
- Gain Privileges
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:37.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557"
},
{
"name": "ibm-maximo-cve20194364-code-exec (161680)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680"
},
{
"name": "108910",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108910"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2019-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/S:U/C:L/I:L/UI:R/A:L/AC:L/AV:N/PR:L/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-27T12:06:04",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557"
},
{
"name": "ibm-maximo-cve20194364-code-exec (161680)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680"
},
{
"name": "108910",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108910"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-17T00:00:00",
"ID": "CVE-2019-4364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "U",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10887557",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 887557 (Maximo Asset Management)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557"
},
{
"name": "ibm-maximo-cve20194364-code-exec (161680)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680"
},
{
"name": "108910",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108910"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4364",
"datePublished": "2019-06-19T13:30:19.753226Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T18:39:05.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4303 (GCVE-0-2019-4303)
Vulnerability from nvd – Published: 2019-06-19 13:30 – Updated: 2024-09-16 23:00
VLAI?
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:38.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563"
},
{
"name": "ibm-maximo-cve20194303-xss (160949)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949"
},
{
"name": "108912",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108912"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2019-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/C:L/I:L/S:C/A:N/AC:L/UI:R/AV:N/PR:L/RL:O/RC:C/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-27T13:06:08",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563"
},
{
"name": "ibm-maximo-cve20194303-xss (160949)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949"
},
{
"name": "108912",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108912"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-17T00:00:00",
"ID": "CVE-2019-4303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10887563",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 887563 (Maximo Asset Management)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563"
},
{
"name": "ibm-maximo-cve20194303-xss (160949)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949"
},
{
"name": "108912",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108912"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4303",
"datePublished": "2019-06-19T13:30:19.709079Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T23:00:36.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}