Skip to main content

Tivoli Integration Composer

8 CVEs product

Monthly

CVE-2020-4409 HIGH PATCH This Week

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

IBM Open Redirect Control Desk Maximo Asset Configuration Manager Maximo Asset Health Insights +17
NVD
CVSS 3.1
8.2
EPSS
0.9%
CVE-2019-4486 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management Maximo For Aviation Maximo For Life Sciences +6
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4512 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Maximo Asset Management Control Desk Maximo For Aviation +7
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-4364 HIGH This Week

IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection IBM Maximo Asset Management Control Desk Maximo For Aviation +7
NVD
CVSS 3.1
8.0
EPSS
2.6%
CVE-2019-4303 MEDIUM This Month

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Maximo Asset Management Control Desk Maximo For Aviation +7
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2019-4056 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload IBM Control Desk Maximo Asset Management Maximo For Aviation +7
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-4048 LOW PATCH Monitor

IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM Control Desk Maximo Asset Management Maximo For Aviation +7
NVD
CVSS 3.1
2.1
EPSS
0.3%
CVE-2016-6072 MEDIUM PATCH This Month

IBM Maximo Asset Management is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management Maximo For Aviation Maximo For Life Sciences +9
NVD
CVSS 3.0
5.4
EPSS
0.2%
EPSS 1% CVSS 8.2
HIGH PATCH This Week

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

IBM Open Redirect Control Desk +19
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management +8
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Maximo Asset Management +9
NVD
EPSS 3% CVSS 8.0
HIGH This Week

IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection IBM Maximo Asset Management +9
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Maximo Asset Management +9
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload IBM Control Desk +9
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM Control Desk +9
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Maximo Asset Management is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management +11
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy