Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for Maximo Asset Management by IBM Corporation
CVE-2016-9976 (GCVE-0-2016-9976)
Vulnerability from nvd – Published: 2017-05-03 17:00 – Updated: 2024-08-06 03:07
VLAI?
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Maximo Asset Management |
Affected:
7.1, 7.5, 7.6
|
Date Public ?
2017-04-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22002018"
},
{
"name": "98305",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98305"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "7.1, 7.5, 7.6"
}
]
}
],
"datePublic": "2017-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-05T09:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22002018"
},
{
"name": "98305",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98305"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-9976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.1, 7.5, 7.6"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22002018",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22002018"
},
{
"name": "98305",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98305"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-9976",
"datePublished": "2017-05-03T17:00:00.000Z",
"dateReserved": "2016-12-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:07:31.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8924 (GCVE-0-2016-8924)
Vulnerability from nvd – Published: 2017-04-26 17:00 – Updated: 2024-08-06 02:35
VLAI?
Summary
IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 118537.
Severity ?
No CVSS data available.
CWE
- Gain Privileges
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Maximo Asset Management |
Affected:
7.1, 7.1.1, 7.5, 7.6
|
Date Public ?
2017-04-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98023",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98023"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996256"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "7.1, 7.1.1, 7.5, 7.6"
}
]
}
],
"datePublic": "2017-04-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user\u0027s session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user\u0027s session. IBM X-Force ID: 118537."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-27T09:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "98023",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98023"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996256"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-8924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.1, 7.1.1, 7.5, 7.6"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user\u0027s session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user\u0027s session. IBM X-Force ID: 118537."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98023",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98023"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21996256",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996256"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-8924",
"datePublished": "2017-04-26T17:00:00.000Z",
"dateReserved": "2016-10-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1124 (GCVE-0-2017-1124)
Vulnerability from nvd – Published: 2017-03-07 17:00 – Updated: 2024-08-05 13:25
VLAI?
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM Reference #: 1998053.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Maximo Asset Management |
Affected:
6.2
Affected: 7.1 Affected: 7.5 Affected: 7.5.0.0 Affected: 7.5.0.10 Affected: 7.1.0.0 Affected: 6.2.0.0 Affected: 7.2 Affected: 7.1.1 Affected: 7.1.2 Affected: 7.2.1 Affected: 6.2.1 Affected: 6.2.2 Affected: 6.2.3 Affected: 6.2.4 Affected: 6.2.5 Affected: 6.2.6 Affected: 6.2.7 Affected: 6.2.8 Affected: 7.1.1.1 Affected: 7.1.1.10 Affected: 7.1.1.11 Affected: 7.1.1.12 Affected: 7.1.1.2 Affected: 7.1.1.5 Affected: 7.1.1.6 Affected: 7.1.1.7 Affected: 7.1.1.8 Affected: 7.1.1.9 Affected: 7.5.0.1 Affected: 7.5.0.2 Affected: 7.5.0.3 Affected: 7.5.0.4 Affected: 7.5.0.5 Affected: 7.6 Affected: 7.5.0 Affected: 7.6.0 |
Date Public ?
2017-03-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998053"
},
{
"name": "96536",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96536"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.5.0.0"
},
{
"status": "affected",
"version": "7.5.0.10"
},
{
"status": "affected",
"version": "7.1.0.0"
},
{
"status": "affected",
"version": "6.2.0.0"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.2.4"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "6.2.6"
},
{
"status": "affected",
"version": "6.2.7"
},
{
"status": "affected",
"version": "6.2.8"
},
{
"status": "affected",
"version": "7.1.1.1"
},
{
"status": "affected",
"version": "7.1.1.10"
},
{
"status": "affected",
"version": "7.1.1.11"
},
{
"status": "affected",
"version": "7.1.1.12"
},
{
"status": "affected",
"version": "7.1.1.2"
},
{
"status": "affected",
"version": "7.1.1.5"
},
{
"status": "affected",
"version": "7.1.1.6"
},
{
"status": "affected",
"version": "7.1.1.7"
},
{
"status": "affected",
"version": "7.1.1.8"
},
{
"status": "affected",
"version": "7.1.1.9"
},
{
"status": "affected",
"version": "7.5.0.1"
},
{
"status": "affected",
"version": "7.5.0.2"
},
{
"status": "affected",
"version": "7.5.0.3"
},
{
"status": "affected",
"version": "7.5.0.4"
},
{
"status": "affected",
"version": "7.5.0.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.5.0"
},
{
"status": "affected",
"version": "7.6.0"
}
]
}
],
"datePublic": "2017-03-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM Reference #: 1998053."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-08T10:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998053"
},
{
"name": "96536",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96536"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "6.2"
},
{
"version_value": "7.1"
},
{
"version_value": "7.5"
},
{
"version_value": "7.5.0.0"
},
{
"version_value": "7.5.0.10"
},
{
"version_value": "7.1.0.0"
},
{
"version_value": "6.2.0.0"
},
{
"version_value": "7.2"
},
{
"version_value": "7.1.1"
},
{
"version_value": "7.1.2"
},
{
"version_value": "7.2.1"
},
{
"version_value": "6.2.1"
},
{
"version_value": "6.2.2"
},
{
"version_value": "6.2.3"
},
{
"version_value": "6.2.4"
},
{
"version_value": "6.2.5"
},
{
"version_value": "6.2.6"
},
{
"version_value": "6.2.7"
},
{
"version_value": "6.2.8"
},
{
"version_value": "7.1.1.1"
},
{
"version_value": "7.1.1.10"
},
{
"version_value": "7.1.1.11"
},
{
"version_value": "7.1.1.12"
},
{
"version_value": "7.1.1.2"
},
{
"version_value": "7.1.1.5"
},
{
"version_value": "7.1.1.6"
},
{
"version_value": "7.1.1.7"
},
{
"version_value": "7.1.1.8"
},
{
"version_value": "7.1.1.9"
},
{
"version_value": "7.5.0.1"
},
{
"version_value": "7.5.0.2"
},
{
"version_value": "7.5.0.3"
},
{
"version_value": "7.5.0.4"
},
{
"version_value": "7.5.0.5"
},
{
"version_value": "7.6"
},
{
"version_value": "7.5.0"
},
{
"version_value": "7.6.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM Reference #: 1998053."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21998053",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998053"
},
{
"name": "96536",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96536"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1124",
"datePublished": "2017-03-07T17:00:00.000Z",
"dateReserved": "2016-11-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:25:17.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6072 (GCVE-0-2016-6072)
Vulnerability from nvd – Published: 2017-02-01 20:00 – Updated: 2024-08-06 01:22
VLAI?
Summary
IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Maximo Asset Management |
Affected:
6.2
Affected: 7.1 Affected: 7.5 Affected: 7.5.0.0 Affected: 7.5.0.10 Affected: 7.1.0.0 Affected: 6.2.0.0 Affected: 7.2 Affected: 7.1.1 Affected: 7.1.2 Affected: 7.2.1 Affected: 6.2.1 Affected: 6.2.2 Affected: 6.2.3 Affected: 6.2.4 Affected: 6.2.5 Affected: 6.2.6 Affected: 6.2.7 Affected: 6.2.8 Affected: 7.1.1.1 Affected: 7.1.1.10 Affected: 7.1.1.11 Affected: 7.1.1.12 Affected: 7.1.1.2 Affected: 7.1.1.5 Affected: 7.1.1.6 Affected: 7.1.1.7 Affected: 7.1.1.8 Affected: 7.1.1.9 Affected: 7.5.0.1 Affected: 7.5.0.2 Affected: 7.5.0.3 Affected: 7.5.0.4 Affected: 7.5.0.5 Affected: 7.6 Affected: 7.5.0 Affected: 7.6.0 |
Date Public ?
2017-02-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:18.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94355",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94355"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21991893"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.5.0.0"
},
{
"status": "affected",
"version": "7.5.0.10"
},
{
"status": "affected",
"version": "7.1.0.0"
},
{
"status": "affected",
"version": "6.2.0.0"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.2.4"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "6.2.6"
},
{
"status": "affected",
"version": "6.2.7"
},
{
"status": "affected",
"version": "6.2.8"
},
{
"status": "affected",
"version": "7.1.1.1"
},
{
"status": "affected",
"version": "7.1.1.10"
},
{
"status": "affected",
"version": "7.1.1.11"
},
{
"status": "affected",
"version": "7.1.1.12"
},
{
"status": "affected",
"version": "7.1.1.2"
},
{
"status": "affected",
"version": "7.1.1.5"
},
{
"status": "affected",
"version": "7.1.1.6"
},
{
"status": "affected",
"version": "7.1.1.7"
},
{
"status": "affected",
"version": "7.1.1.8"
},
{
"status": "affected",
"version": "7.1.1.9"
},
{
"status": "affected",
"version": "7.5.0.1"
},
{
"status": "affected",
"version": "7.5.0.2"
},
{
"status": "affected",
"version": "7.5.0.3"
},
{
"status": "affected",
"version": "7.5.0.4"
},
{
"status": "affected",
"version": "7.5.0.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.5.0"
},
{
"status": "affected",
"version": "7.6.0"
}
]
}
],
"datePublic": "2017-02-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-02T10:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "94355",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94355"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21991893"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "6.2"
},
{
"version_value": "7.1"
},
{
"version_value": "7.5"
},
{
"version_value": "7.5.0.0"
},
{
"version_value": "7.5.0.10"
},
{
"version_value": "7.1.0.0"
},
{
"version_value": "6.2.0.0"
},
{
"version_value": "7.2"
},
{
"version_value": "7.1.1"
},
{
"version_value": "7.1.2"
},
{
"version_value": "7.2.1"
},
{
"version_value": "6.2.1"
},
{
"version_value": "6.2.2"
},
{
"version_value": "6.2.3"
},
{
"version_value": "6.2.4"
},
{
"version_value": "6.2.5"
},
{
"version_value": "6.2.6"
},
{
"version_value": "6.2.7"
},
{
"version_value": "6.2.8"
},
{
"version_value": "7.1.1.1"
},
{
"version_value": "7.1.1.10"
},
{
"version_value": "7.1.1.11"
},
{
"version_value": "7.1.1.12"
},
{
"version_value": "7.1.1.2"
},
{
"version_value": "7.1.1.5"
},
{
"version_value": "7.1.1.6"
},
{
"version_value": "7.1.1.7"
},
{
"version_value": "7.1.1.8"
},
{
"version_value": "7.1.1.9"
},
{
"version_value": "7.5.0.1"
},
{
"version_value": "7.5.0.2"
},
{
"version_value": "7.5.0.3"
},
{
"version_value": "7.5.0.4"
},
{
"version_value": "7.5.0.5"
},
{
"version_value": "7.6"
},
{
"version_value": "7.5.0"
},
{
"version_value": "7.6.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94355",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94355"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21991893",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21991893"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-6072",
"datePublished": "2017-02-01T20:00:00.000Z",
"dateReserved": "2016-06-29T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:22:18.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5896 (GCVE-0-2016-5896)
Vulnerability from nvd – Published: 2017-02-01 20:00 – Updated: 2024-08-06 01:15
VLAI?
Summary
IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Maximo Asset Management |
Affected:
6.2
Affected: 7.1 Affected: 7.5 Affected: 7.5.0.0 Affected: 7.5.0.10 Affected: 7.1.0.0 Affected: 6.2.0.0 Affected: 7.2 Affected: 7.1.1 Affected: 7.1.2 Affected: 7.2.1 Affected: 6.2.1 Affected: 6.2.2 Affected: 6.2.3 Affected: 6.2.4 Affected: 6.2.5 Affected: 6.2.6 Affected: 6.2.7 Affected: 6.2.8 Affected: 7.1.1.1 Affected: 7.1.1.10 Affected: 7.1.1.11 Affected: 7.1.1.12 Affected: 7.1.1.2 Affected: 7.1.1.5 Affected: 7.1.1.6 Affected: 7.1.1.7 Affected: 7.1.1.8 Affected: 7.1.1.9 Affected: 7.5.0.1 Affected: 7.5.0.2 Affected: 7.5.0.3 Affected: 7.5.0.4 Affected: 7.5.0.5 Affected: 7.6 Affected: 7.5.0 Affected: 7.6.0 |
Date Public ?
2017-02-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:10.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21987855"
},
{
"name": "93872",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93872"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.5.0.0"
},
{
"status": "affected",
"version": "7.5.0.10"
},
{
"status": "affected",
"version": "7.1.0.0"
},
{
"status": "affected",
"version": "6.2.0.0"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.2.4"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "6.2.6"
},
{
"status": "affected",
"version": "6.2.7"
},
{
"status": "affected",
"version": "6.2.8"
},
{
"status": "affected",
"version": "7.1.1.1"
},
{
"status": "affected",
"version": "7.1.1.10"
},
{
"status": "affected",
"version": "7.1.1.11"
},
{
"status": "affected",
"version": "7.1.1.12"
},
{
"status": "affected",
"version": "7.1.1.2"
},
{
"status": "affected",
"version": "7.1.1.5"
},
{
"status": "affected",
"version": "7.1.1.6"
},
{
"status": "affected",
"version": "7.1.1.7"
},
{
"status": "affected",
"version": "7.1.1.8"
},
{
"status": "affected",
"version": "7.1.1.9"
},
{
"status": "affected",
"version": "7.5.0.1"
},
{
"status": "affected",
"version": "7.5.0.2"
},
{
"status": "affected",
"version": "7.5.0.3"
},
{
"status": "affected",
"version": "7.5.0.4"
},
{
"status": "affected",
"version": "7.5.0.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.5.0"
},
{
"status": "affected",
"version": "7.6.0"
}
]
}
],
"datePublic": "2017-02-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-02T10:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21987855"
},
{
"name": "93872",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93872"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-5896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "6.2"
},
{
"version_value": "7.1"
},
{
"version_value": "7.5"
},
{
"version_value": "7.5.0.0"
},
{
"version_value": "7.5.0.10"
},
{
"version_value": "7.1.0.0"
},
{
"version_value": "6.2.0.0"
},
{
"version_value": "7.2"
},
{
"version_value": "7.1.1"
},
{
"version_value": "7.1.2"
},
{
"version_value": "7.2.1"
},
{
"version_value": "6.2.1"
},
{
"version_value": "6.2.2"
},
{
"version_value": "6.2.3"
},
{
"version_value": "6.2.4"
},
{
"version_value": "6.2.5"
},
{
"version_value": "6.2.6"
},
{
"version_value": "6.2.7"
},
{
"version_value": "6.2.8"
},
{
"version_value": "7.1.1.1"
},
{
"version_value": "7.1.1.10"
},
{
"version_value": "7.1.1.11"
},
{
"version_value": "7.1.1.12"
},
{
"version_value": "7.1.1.2"
},
{
"version_value": "7.1.1.5"
},
{
"version_value": "7.1.1.6"
},
{
"version_value": "7.1.1.7"
},
{
"version_value": "7.1.1.8"
},
{
"version_value": "7.1.1.9"
},
{
"version_value": "7.5.0.1"
},
{
"version_value": "7.5.0.2"
},
{
"version_value": "7.5.0.3"
},
{
"version_value": "7.5.0.4"
},
{
"version_value": "7.5.0.5"
},
{
"version_value": "7.6"
},
{
"version_value": "7.5.0"
},
{
"version_value": "7.6.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21987855",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21987855"
},
{
"name": "93872",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93872"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-5896",
"datePublished": "2017-02-01T20:00:00.000Z",
"dateReserved": "2016-06-29T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:15:10.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9976 (GCVE-0-2016-9976)
Vulnerability from cvelistv5 – Published: 2017-05-03 17:00 – Updated: 2024-08-06 03:07
VLAI?
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Maximo Asset Management |
Affected:
7.1, 7.5, 7.6
|
Date Public ?
2017-04-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22002018"
},
{
"name": "98305",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98305"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "7.1, 7.5, 7.6"
}
]
}
],
"datePublic": "2017-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-05T09:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22002018"
},
{
"name": "98305",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98305"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-9976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.1, 7.5, 7.6"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22002018",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22002018"
},
{
"name": "98305",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98305"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-9976",
"datePublished": "2017-05-03T17:00:00.000Z",
"dateReserved": "2016-12-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:07:31.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8924 (GCVE-0-2016-8924)
Vulnerability from cvelistv5 – Published: 2017-04-26 17:00 – Updated: 2024-08-06 02:35
VLAI?
Summary
IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 118537.
Severity ?
No CVSS data available.
CWE
- Gain Privileges
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Maximo Asset Management |
Affected:
7.1, 7.1.1, 7.5, 7.6
|
Date Public ?
2017-04-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98023",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98023"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996256"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "7.1, 7.1.1, 7.5, 7.6"
}
]
}
],
"datePublic": "2017-04-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user\u0027s session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user\u0027s session. IBM X-Force ID: 118537."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-27T09:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "98023",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98023"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996256"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-8924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.1, 7.1.1, 7.5, 7.6"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user\u0027s session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user\u0027s session. IBM X-Force ID: 118537."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98023",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98023"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21996256",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996256"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-8924",
"datePublished": "2017-04-26T17:00:00.000Z",
"dateReserved": "2016-10-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:35:02.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1124 (GCVE-0-2017-1124)
Vulnerability from cvelistv5 – Published: 2017-03-07 17:00 – Updated: 2024-08-05 13:25
VLAI?
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM Reference #: 1998053.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Maximo Asset Management |
Affected:
6.2
Affected: 7.1 Affected: 7.5 Affected: 7.5.0.0 Affected: 7.5.0.10 Affected: 7.1.0.0 Affected: 6.2.0.0 Affected: 7.2 Affected: 7.1.1 Affected: 7.1.2 Affected: 7.2.1 Affected: 6.2.1 Affected: 6.2.2 Affected: 6.2.3 Affected: 6.2.4 Affected: 6.2.5 Affected: 6.2.6 Affected: 6.2.7 Affected: 6.2.8 Affected: 7.1.1.1 Affected: 7.1.1.10 Affected: 7.1.1.11 Affected: 7.1.1.12 Affected: 7.1.1.2 Affected: 7.1.1.5 Affected: 7.1.1.6 Affected: 7.1.1.7 Affected: 7.1.1.8 Affected: 7.1.1.9 Affected: 7.5.0.1 Affected: 7.5.0.2 Affected: 7.5.0.3 Affected: 7.5.0.4 Affected: 7.5.0.5 Affected: 7.6 Affected: 7.5.0 Affected: 7.6.0 |
Date Public ?
2017-03-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998053"
},
{
"name": "96536",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96536"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.5.0.0"
},
{
"status": "affected",
"version": "7.5.0.10"
},
{
"status": "affected",
"version": "7.1.0.0"
},
{
"status": "affected",
"version": "6.2.0.0"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.2.4"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "6.2.6"
},
{
"status": "affected",
"version": "6.2.7"
},
{
"status": "affected",
"version": "6.2.8"
},
{
"status": "affected",
"version": "7.1.1.1"
},
{
"status": "affected",
"version": "7.1.1.10"
},
{
"status": "affected",
"version": "7.1.1.11"
},
{
"status": "affected",
"version": "7.1.1.12"
},
{
"status": "affected",
"version": "7.1.1.2"
},
{
"status": "affected",
"version": "7.1.1.5"
},
{
"status": "affected",
"version": "7.1.1.6"
},
{
"status": "affected",
"version": "7.1.1.7"
},
{
"status": "affected",
"version": "7.1.1.8"
},
{
"status": "affected",
"version": "7.1.1.9"
},
{
"status": "affected",
"version": "7.5.0.1"
},
{
"status": "affected",
"version": "7.5.0.2"
},
{
"status": "affected",
"version": "7.5.0.3"
},
{
"status": "affected",
"version": "7.5.0.4"
},
{
"status": "affected",
"version": "7.5.0.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.5.0"
},
{
"status": "affected",
"version": "7.6.0"
}
]
}
],
"datePublic": "2017-03-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM Reference #: 1998053."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-08T10:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998053"
},
{
"name": "96536",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96536"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "6.2"
},
{
"version_value": "7.1"
},
{
"version_value": "7.5"
},
{
"version_value": "7.5.0.0"
},
{
"version_value": "7.5.0.10"
},
{
"version_value": "7.1.0.0"
},
{
"version_value": "6.2.0.0"
},
{
"version_value": "7.2"
},
{
"version_value": "7.1.1"
},
{
"version_value": "7.1.2"
},
{
"version_value": "7.2.1"
},
{
"version_value": "6.2.1"
},
{
"version_value": "6.2.2"
},
{
"version_value": "6.2.3"
},
{
"version_value": "6.2.4"
},
{
"version_value": "6.2.5"
},
{
"version_value": "6.2.6"
},
{
"version_value": "6.2.7"
},
{
"version_value": "6.2.8"
},
{
"version_value": "7.1.1.1"
},
{
"version_value": "7.1.1.10"
},
{
"version_value": "7.1.1.11"
},
{
"version_value": "7.1.1.12"
},
{
"version_value": "7.1.1.2"
},
{
"version_value": "7.1.1.5"
},
{
"version_value": "7.1.1.6"
},
{
"version_value": "7.1.1.7"
},
{
"version_value": "7.1.1.8"
},
{
"version_value": "7.1.1.9"
},
{
"version_value": "7.5.0.1"
},
{
"version_value": "7.5.0.2"
},
{
"version_value": "7.5.0.3"
},
{
"version_value": "7.5.0.4"
},
{
"version_value": "7.5.0.5"
},
{
"version_value": "7.6"
},
{
"version_value": "7.5.0"
},
{
"version_value": "7.6.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM Reference #: 1998053."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21998053",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998053"
},
{
"name": "96536",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96536"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1124",
"datePublished": "2017-03-07T17:00:00.000Z",
"dateReserved": "2016-11-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:25:17.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6072 (GCVE-0-2016-6072)
Vulnerability from cvelistv5 – Published: 2017-02-01 20:00 – Updated: 2024-08-06 01:22
VLAI?
Summary
IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Maximo Asset Management |
Affected:
6.2
Affected: 7.1 Affected: 7.5 Affected: 7.5.0.0 Affected: 7.5.0.10 Affected: 7.1.0.0 Affected: 6.2.0.0 Affected: 7.2 Affected: 7.1.1 Affected: 7.1.2 Affected: 7.2.1 Affected: 6.2.1 Affected: 6.2.2 Affected: 6.2.3 Affected: 6.2.4 Affected: 6.2.5 Affected: 6.2.6 Affected: 6.2.7 Affected: 6.2.8 Affected: 7.1.1.1 Affected: 7.1.1.10 Affected: 7.1.1.11 Affected: 7.1.1.12 Affected: 7.1.1.2 Affected: 7.1.1.5 Affected: 7.1.1.6 Affected: 7.1.1.7 Affected: 7.1.1.8 Affected: 7.1.1.9 Affected: 7.5.0.1 Affected: 7.5.0.2 Affected: 7.5.0.3 Affected: 7.5.0.4 Affected: 7.5.0.5 Affected: 7.6 Affected: 7.5.0 Affected: 7.6.0 |
Date Public ?
2017-02-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:18.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94355",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94355"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21991893"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.5.0.0"
},
{
"status": "affected",
"version": "7.5.0.10"
},
{
"status": "affected",
"version": "7.1.0.0"
},
{
"status": "affected",
"version": "6.2.0.0"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.2.4"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "6.2.6"
},
{
"status": "affected",
"version": "6.2.7"
},
{
"status": "affected",
"version": "6.2.8"
},
{
"status": "affected",
"version": "7.1.1.1"
},
{
"status": "affected",
"version": "7.1.1.10"
},
{
"status": "affected",
"version": "7.1.1.11"
},
{
"status": "affected",
"version": "7.1.1.12"
},
{
"status": "affected",
"version": "7.1.1.2"
},
{
"status": "affected",
"version": "7.1.1.5"
},
{
"status": "affected",
"version": "7.1.1.6"
},
{
"status": "affected",
"version": "7.1.1.7"
},
{
"status": "affected",
"version": "7.1.1.8"
},
{
"status": "affected",
"version": "7.1.1.9"
},
{
"status": "affected",
"version": "7.5.0.1"
},
{
"status": "affected",
"version": "7.5.0.2"
},
{
"status": "affected",
"version": "7.5.0.3"
},
{
"status": "affected",
"version": "7.5.0.4"
},
{
"status": "affected",
"version": "7.5.0.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.5.0"
},
{
"status": "affected",
"version": "7.6.0"
}
]
}
],
"datePublic": "2017-02-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-02T10:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "94355",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94355"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21991893"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "6.2"
},
{
"version_value": "7.1"
},
{
"version_value": "7.5"
},
{
"version_value": "7.5.0.0"
},
{
"version_value": "7.5.0.10"
},
{
"version_value": "7.1.0.0"
},
{
"version_value": "6.2.0.0"
},
{
"version_value": "7.2"
},
{
"version_value": "7.1.1"
},
{
"version_value": "7.1.2"
},
{
"version_value": "7.2.1"
},
{
"version_value": "6.2.1"
},
{
"version_value": "6.2.2"
},
{
"version_value": "6.2.3"
},
{
"version_value": "6.2.4"
},
{
"version_value": "6.2.5"
},
{
"version_value": "6.2.6"
},
{
"version_value": "6.2.7"
},
{
"version_value": "6.2.8"
},
{
"version_value": "7.1.1.1"
},
{
"version_value": "7.1.1.10"
},
{
"version_value": "7.1.1.11"
},
{
"version_value": "7.1.1.12"
},
{
"version_value": "7.1.1.2"
},
{
"version_value": "7.1.1.5"
},
{
"version_value": "7.1.1.6"
},
{
"version_value": "7.1.1.7"
},
{
"version_value": "7.1.1.8"
},
{
"version_value": "7.1.1.9"
},
{
"version_value": "7.5.0.1"
},
{
"version_value": "7.5.0.2"
},
{
"version_value": "7.5.0.3"
},
{
"version_value": "7.5.0.4"
},
{
"version_value": "7.5.0.5"
},
{
"version_value": "7.6"
},
{
"version_value": "7.5.0"
},
{
"version_value": "7.6.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94355",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94355"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21991893",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21991893"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-6072",
"datePublished": "2017-02-01T20:00:00.000Z",
"dateReserved": "2016-06-29T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:22:18.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5896 (GCVE-0-2016-5896)
Vulnerability from cvelistv5 – Published: 2017-02-01 20:00 – Updated: 2024-08-06 01:15
VLAI?
Summary
IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | Maximo Asset Management |
Affected:
6.2
Affected: 7.1 Affected: 7.5 Affected: 7.5.0.0 Affected: 7.5.0.10 Affected: 7.1.0.0 Affected: 6.2.0.0 Affected: 7.2 Affected: 7.1.1 Affected: 7.1.2 Affected: 7.2.1 Affected: 6.2.1 Affected: 6.2.2 Affected: 6.2.3 Affected: 6.2.4 Affected: 6.2.5 Affected: 6.2.6 Affected: 6.2.7 Affected: 6.2.8 Affected: 7.1.1.1 Affected: 7.1.1.10 Affected: 7.1.1.11 Affected: 7.1.1.12 Affected: 7.1.1.2 Affected: 7.1.1.5 Affected: 7.1.1.6 Affected: 7.1.1.7 Affected: 7.1.1.8 Affected: 7.1.1.9 Affected: 7.5.0.1 Affected: 7.5.0.2 Affected: 7.5.0.3 Affected: 7.5.0.4 Affected: 7.5.0.5 Affected: 7.6 Affected: 7.5.0 Affected: 7.6.0 |
Date Public ?
2017-02-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:10.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21987855"
},
{
"name": "93872",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93872"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.5"
},
{
"status": "affected",
"version": "7.5.0.0"
},
{
"status": "affected",
"version": "7.5.0.10"
},
{
"status": "affected",
"version": "7.1.0.0"
},
{
"status": "affected",
"version": "6.2.0.0"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.2.4"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "6.2.6"
},
{
"status": "affected",
"version": "6.2.7"
},
{
"status": "affected",
"version": "6.2.8"
},
{
"status": "affected",
"version": "7.1.1.1"
},
{
"status": "affected",
"version": "7.1.1.10"
},
{
"status": "affected",
"version": "7.1.1.11"
},
{
"status": "affected",
"version": "7.1.1.12"
},
{
"status": "affected",
"version": "7.1.1.2"
},
{
"status": "affected",
"version": "7.1.1.5"
},
{
"status": "affected",
"version": "7.1.1.6"
},
{
"status": "affected",
"version": "7.1.1.7"
},
{
"status": "affected",
"version": "7.1.1.8"
},
{
"status": "affected",
"version": "7.1.1.9"
},
{
"status": "affected",
"version": "7.5.0.1"
},
{
"status": "affected",
"version": "7.5.0.2"
},
{
"status": "affected",
"version": "7.5.0.3"
},
{
"status": "affected",
"version": "7.5.0.4"
},
{
"status": "affected",
"version": "7.5.0.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.5.0"
},
{
"status": "affected",
"version": "7.6.0"
}
]
}
],
"datePublic": "2017-02-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-02T10:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21987855"
},
{
"name": "93872",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93872"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-5896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "6.2"
},
{
"version_value": "7.1"
},
{
"version_value": "7.5"
},
{
"version_value": "7.5.0.0"
},
{
"version_value": "7.5.0.10"
},
{
"version_value": "7.1.0.0"
},
{
"version_value": "6.2.0.0"
},
{
"version_value": "7.2"
},
{
"version_value": "7.1.1"
},
{
"version_value": "7.1.2"
},
{
"version_value": "7.2.1"
},
{
"version_value": "6.2.1"
},
{
"version_value": "6.2.2"
},
{
"version_value": "6.2.3"
},
{
"version_value": "6.2.4"
},
{
"version_value": "6.2.5"
},
{
"version_value": "6.2.6"
},
{
"version_value": "6.2.7"
},
{
"version_value": "6.2.8"
},
{
"version_value": "7.1.1.1"
},
{
"version_value": "7.1.1.10"
},
{
"version_value": "7.1.1.11"
},
{
"version_value": "7.1.1.12"
},
{
"version_value": "7.1.1.2"
},
{
"version_value": "7.1.1.5"
},
{
"version_value": "7.1.1.6"
},
{
"version_value": "7.1.1.7"
},
{
"version_value": "7.1.1.8"
},
{
"version_value": "7.1.1.9"
},
{
"version_value": "7.5.0.1"
},
{
"version_value": "7.5.0.2"
},
{
"version_value": "7.5.0.3"
},
{
"version_value": "7.5.0.4"
},
{
"version_value": "7.5.0.5"
},
{
"version_value": "7.6"
},
{
"version_value": "7.5.0"
},
{
"version_value": "7.6.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21987855",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21987855"
},
{
"name": "93872",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93872"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-5896",
"datePublished": "2017-02-01T20:00:00.000Z",
"dateReserved": "2016-06-29T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:15:10.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}