IBM Maximo for Life Sciences 7.6

CPE Details

IBM Maximo for Life Sciences 7.6
7.6
2016-01-06
16h37 +00:00
2016-01-06
16h37 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*

Informations

Vendor

ibm

Product

maximo_for_life_sciences

Version

7.6

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-4409 2020-09-16 15h55 +00:00 IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537.
8.2
High
CVE-2019-4749 2020-04-17 13h25 +00:00 IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308.
5.4
Medium
CVE-2019-4644 2020-04-17 13h25 +00:00 IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880.
6.1
Medium
CVE-2019-4446 2020-04-17 13h25 +00:00 IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490.
5.4
Medium
CVE-2019-4745 2020-02-24 15h35 +00:00 IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. IBM X-Force ID: 172883.
4.3
Medium
CVE-2019-4429 2020-02-19 15h15 +00:00 IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886.
5.4
Medium
CVE-2019-4486 2019-10-24 12h00 +00:00 IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070.
5.4
Medium
CVE-2019-4512 2019-10-09 15h00 +00:00 IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554.
4.3
Medium
CVE-2019-4364 2019-06-19 13h30 +00:00 IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680.
8
High
CVE-2019-4303 2019-06-19 13h30 +00:00 IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949.
5.4
Medium
CVE-2019-4056 2019-06-06 00h35 +00:00 IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565.
4.3
Medium
CVE-2019-4048 2019-06-06 00h35 +00:00 IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311.
2.1
Low
CVE-2018-2028 2019-06-06 00h35 +00:00 IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554.
6.5
Medium
CVE-2015-5016 2018-03-27 15h00 +00:00 IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460.
4.3
Medium
CVE-2016-5902 2017-02-08 21h00 +00:00 IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
6.1
Medium
CVE-2016-5896 2017-02-01 19h00 +00:00 IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser.
5.3
Medium
CVE-2015-7448 2016-03-12 14h00 +00:00 SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
5.4
Medium
CVE-2015-5017 2016-01-03 01h00 +00:00 IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password.
5.4
Medium
CVE-2015-5051 2016-01-03 01h00 +00:00 IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors.
4.3
Medium
CVE-2015-7396 2016-01-02 20h00 +00:00 The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors.
5.4
Medium
CVE-2015-7452 2016-01-02 20h00 +00:00 IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API.
4.3
Medium
CVE-2015-7451 2016-01-02 01h00 +00:00 Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
5.4
Medium