cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-45088,https://securityvulnerability.io/vulnerability/CVE-2024-45088,,IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,IBM,Maximo Asset Management,5.4,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-11-11T16:15:00.000Z,0
CVE-2024-22333,https://securityvulnerability.io/vulnerability/CVE-2024-22333,IBM Maximo Asset Management Vulnerability: Web Pages Stored Locally Can Be Accessed by Other Users,IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973.,IBM,"Maximo Application Suite,Maximo Asset Management",3.3,LOW,0.00044999999227002263,false,false,false,false,,false,false,2024-06-13T13:55:39.767Z,0
CVE-2024-27266,https://securityvulnerability.io/vulnerability/CVE-2024-27266,IBM Maximo Suite Vulnerable to XML External Entity Injection Attack,"The vulnerability impacts IBM Maximo Application Suite version 7.6.1.3, allowing an XML External Entity Injection (XXE) attack when processing XML data. This security flaw could enable remote attackers to exploit the application, potentially exposing sensitive information and causing excessive memory consumption. Such vulnerabilities can lead to significant security risks if not addressed promptly, making it crucial for users and administrators to implement necessary security measures and apply updates as soon as they are available. 
For detailed guidance on mitigating this issue, users can refer to IBM's security advisory.",IBM,Maximo Asset Management,8.2,HIGH,0.0007099999929778278,false,false,false,false,,false,false,2024-03-14T18:32:28.919Z,0
CVE-2023-32335,https://securityvulnerability.io/vulnerability/CVE-2023-32335,IBM Maximo Suite Vulnerability: Sensitive Information in URL Parameters,"The IBM Maximo Application Suite and IBM Maximo Asset Management products expose sensitive information via URL parameters. This misconfiguration allows unauthorized individuals to gain access to confidential data if they can view these URLs through server logs, referrer headers, or browser history. Such exposure could lead to significant security implications for organizations utilizing these applications, underscoring the importance of implementing robust security measures to protect sensitive information.",IBM,"Maximo Application Suite,Maximo Asset Management",3.7,LOW,0.00044999999227002263,false,false,false,false,,false,false,2024-03-13T09:23:23.225Z,0
CVE-2023-38723,https://securityvulnerability.io/vulnerability/CVE-2023-38723,Maximo Suite Vulnerable to Stored Cross-Site Scripting,"The IBM Maximo Application Suite 7.6.1.3 contains a vulnerability that facilitates stored cross-site scripting. This security lapse permits authorized users to inject arbitrary JavaScript code into the web user interface. The resulting code execution can compromise the integrity of user sessions, potentially exposing sensitive credentials in what would otherwise be deemed a secure environment. 
It is crucial for organizations utilizing this software to assess their exposure to this vulnerability and implement remediation strategies promptly.",IBM,Maximo Asset Management,6.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-03-13T09:16:40.785Z,0
CVE-2023-32333,https://securityvulnerability.io/vulnerability/CVE-2023-32333,IBM Maximo Asset Management improper access control,"IBM Maximo Asset Management version 7.6.1.3 has a vulnerability that permits unauthorized remote access to the admin panel due to improper access controls. This flaw can be exploited by an attacker to gain elevated privileges, which may lead to potential data compromises and unauthorized system modifications. Organizations utilizing this version of IBM Maximo Asset Management should prioritize evaluation and remediation of this vulnerability to safeguard their assets and sensitive information.",IBM,Maximo Asset Management,6.5,MEDIUM,0.0009800000116229057,false,false,false,false,,false,false,2024-02-02T01:55:05.695Z,0
CVE-2023-32337,https://securityvulnerability.io/vulnerability/CVE-2023-32337,IBM Maximo Spatial Asset Management server-side request forgery,"IBM Maximo Spatial Asset Management 8.10 is vulnerable to a server-side request forgery (SSRF), which allows an authenticated attacker to transmit unauthorized requests from the server. This vulnerability can lead to network enumeration, potentially exposing sensitive information and enabling an attacker to orchestrate subsequent attacks. 
The improper validation of requests may result in unauthorized access to internal services, compromising system integrity and security.",IBM,Maximo Spatial Asset Management,5.4,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-01-19T01:17:10.283Z,0
CVE-2023-47718,https://securityvulnerability.io/vulnerability/CVE-2023-47718,IBM Maximo Asset Management cross-site request forgery,"The IBM Maximo Asset Management and Manage Component products are prone to a cross-site request forgery vulnerability. This flaw allows attackers to perform unauthorized actions by exploiting user trust within the website. Specifically, the vulnerability affects IBM Maximo Asset Management versions 7.6.1.3 and the Manage Component versions 8.10 through 8.11. Organizations using these versions may face significant security risks if this vulnerability is exploited, as attackers can potentially execute actions that could compromise system integrity or data confidentiality.",IBM,"Maximo Asset Management,Maximo Asset Management Manage Component",8.8,HIGH,0.0007300000288523734,false,false,false,false,,false,false,2024-01-19T01:14:42.543Z,0
CVE-2023-32332,https://securityvulnerability.io/vulnerability/CVE-2023-32332,IBM Maximo Application Suite and IBM Maximo Asset Management HTML injection,"IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. 
IBM X-Force ID: 255072.",IBM,"Maximo Asset Management,Maximo Application Suite",5.4,MEDIUM,0.000859999970998615,false,false,false,false,,false,false,2023-09-08T20:15:00.000Z,0
CVE-2023-32334,https://securityvulnerability.io/vulnerability/CVE-2023-32334,IBM Maximo Asset Management information disclosure,"IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255074.",IBM,"Maximo Asset Management,Maximo Application Suite",5.3,MEDIUM,0.0007099999929778278,false,false,false,false,,false,false,2023-06-05T01:15:00.000Z,0
CVE-2022-43866,https://securityvulnerability.io/vulnerability/CVE-2022-43866,IBM Maximo Asset Management cross-site scripting,IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239436.,IBM,Maximo Asset Management,5.4,MEDIUM,0.0005099999834783375,false,false,false,false,,false,false,2023-05-05T18:20:16.402Z,0
CVE-2023-27864,https://securityvulnerability.io/vulnerability/CVE-2023-27864,IBM Maximo Asset Management HTML injection,"IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. 
IBM X-Force ID: 249327.",IBM,Maximo Asset Management,5.4,MEDIUM,0.0006200000061653554,false,false,false,false,,false,false,2023-04-28T18:15:00.000Z,0
CVE-2023-27860,https://securityvulnerability.io/vulnerability/CVE-2023-27860,IBM Maximo Asset Management information disclosure,IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. This information could be used in further attacks against the system. IBM X-Force ID: 249207.,IBM,Maximo Asset Management,5.3,MEDIUM,0.0005699999746866524,false,false,false,false,,false,false,2023-04-27T19:15:00.000Z,0
CVE-2022-35645,https://securityvulnerability.io/vulnerability/CVE-2022-35645,IBM Maximo Asset Management cross-site scripting,"IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230958.",IBM,"Maximo Asset Management,Maximo Application Suite",6.4,MEDIUM,0.0005699999746866524,false,false,false,false,,false,false,2023-03-02T20:14:56.934Z,0
CVE-2022-41734,https://securityvulnerability.io/vulnerability/CVE-2022-41734,IBM Maximo Asset Management information disclosure,IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 237587.,IBM,Maximo Asset Management,5.3,MEDIUM,0.001339999958872795,false,false,false,false,,false,false,2023-02-17T17:38:24.048Z,0
CVE-2022-35281,https://securityvulnerability.io/vulnerability/CVE-2022-35281,IBM Maximo Application Suite command injection,"IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335.",IBM,"Maximo Asset Management,Maximo Manage",5.5,MEDIUM,0.0018100000452250242,false,false,false,false,,false,false,2023-01-09T08:15:00.000Z,0
CVE-2022-40616,https://securityvulnerability.io/vulnerability/CVE-2022-40616,,"IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. IBM X-Force ID: 236311.",IBM,Maximo Asset Management,6.5,MEDIUM,0.0005600000149570405,false,false,false,false,,false,false,2022-09-21T17:15:00.000Z,0
CVE-2021-38924,https://securityvulnerability.io/vulnerability/CVE-2021-38924,,IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 210163.,IBM,Maximo Asset Management,5.3,MEDIUM,0.0015200000489130616,false,false,false,false,,false,false,2022-09-14T17:15:00.000Z,0
CVE-2022-35714,https://securityvulnerability.io/vulnerability/CVE-2022-35714,,IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231116.,IBM,Maximo Asset Management,5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2022-08-26T18:15:00.000Z,0
CVE-2021-29854,https://securityvulnerability.io/vulnerability/CVE-2021-29854,,"IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 205680.",IBM,Maximo Asset Management,5.4,MEDIUM,0.0007800000021234155,false,false,false,false,,false,false,2022-05-03T19:15:00.000Z,0
CVE-2022-22435,https://securityvulnerability.io/vulnerability/CVE-2022-22435,,IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,IBM,Maximo Asset Management,5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2022-04-21T17:15:00.000Z,0
CVE-2022-22436,https://securityvulnerability.io/vulnerability/CVE-2022-22436,,IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224164.,IBM,Maximo Asset Management,5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2022-04-21T17:15:00.000Z,0
CVE-2021-38935,https://securityvulnerability.io/vulnerability/CVE-2021-38935,,"IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 210892.",IBM,Maximo Asset Management,5.9,MEDIUM,0.0010400000028312206,false,false,false,false,,false,false,2022-02-18T18:15:00.000Z,0
CVE-2021-29743,https://securityvulnerability.io/vulnerability/CVE-2021-29743,,IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201693.,IBM,Maximo Asset Management,6.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2021-08-30T17:15:00.000Z,0
CVE-2021-29744,https://securityvulnerability.io/vulnerability/CVE-2021-29744,,IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201694.,IBM,Maximo Asset Management,5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2021-08-27T16:15:00.000Z,0