cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-45077,https://securityvulnerability.io/vulnerability/CVE-2024-45077,Unrestricted File Upload Vulnerability in IBM Maximo Asset Management,"The IBM Maximo Asset Management product version 7.6.1.3 is affected by an unrestricted file upload vulnerability in the MXAPIASSET API. This flaw allows authenticated users with low privileges to upload restricted file types. The exploitation is notably simplified for installations on Windows operating systems, where users can circumvent file type restrictions by appending a dot to the filename. This can lead to serious security risks, including unauthorized access and potential system compromise.",IBM,Maximo Asset Management,6.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-24T15:38:03.611Z,0
CVE-2024-45652,https://securityvulnerability.io/vulnerability/CVE-2024-45652,Directory Traversal Vulnerability in IBM Maximo MXAPIASSET API,"The IBM Maximo MXAPIASSET API version 7.6.1.3 is susceptible to directory traversal, enabling remote attackers to exploit the system by crafting malicious URL requests. By utilizing 'dot dot' sequences (/../), an attacker may gain access to arbitrary files on the server. This vulnerability poses a significant risk as it could allow unauthorized users to read sensitive data, thus compromising the integrity and confidentiality of the system.",IBM,Maximo Asset Management,6.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,false,,2025-01-19T02:42:18.748Z,0
CVE-2024-45088,https://securityvulnerability.io/vulnerability/CVE-2024-45088,Stored Cross-Site Scripting Vulnerability in IBM Maximo Asset Management,"IBM Maximo Asset Management 7.6.1.3 is susceptible to a stored cross-site scripting vulnerability that enables authenticated users to inject arbitrary JavaScript code into the web interface. This exploitation allows attackers to manipulate the application's functionality, potentially compromising sensitive user credentials during trusted sessions.",IBM,Maximo Asset Management,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-11T16:15:00.000Z,0
CVE-2024-22333,https://securityvulnerability.io/vulnerability/CVE-2024-22333,IBM Maximo Asset Management Vulnerability: Web Pages Stored Locally Can Be Accessed by Other Users,IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973.,IBM,"Maximo Application Suite,Maximo Asset Management",3.3,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-13T13:55:39.767Z,0
CVE-2024-27266,https://securityvulnerability.io/vulnerability/CVE-2024-27266,IBM Maximo Suite Vulnerable to XML External Entity Injection Attack,"The vulnerability impacts IBM Maximo Application Suite version 7.6.1.3, allowing an XML External Entity Injection (XXE) attack when processing XML data. This security flaw could enable remote attackers to exploit the application, potentially exposing sensitive information and causing excessive memory consumption. Such vulnerabilities can lead to significant security risks if not addressed promptly, making it crucial for users and administrators to implement necessary security measures and apply updates as soon as they are available. For detailed guidance on mitigating this issue, users can refer to IBM's security advisory.",IBM,Maximo Asset Management,8.2,HIGH,0.0007099999929778278,false,,false,false,false,,,false,false,,2024-03-14T18:32:28.919Z,0
CVE-2023-32335,https://securityvulnerability.io/vulnerability/CVE-2023-32335,IBM Maximo Suite Vulnerability: Sensitive Information in URL Parameters,"The IBM Maximo Application Suite and IBM Maximo Asset Management products expose sensitive information via URL parameters. This misconfiguration allows unauthorized individuals to gain access to confidential data if they can view these URLs through server logs, referrer headers, or browser history. Such exposure could lead to significant security implications for organizations utilizing these applications, underscoring the importance of implementing robust security measures to protect sensitive information.",IBM,"Maximo Application Suite,Maximo Asset Management",7.5,HIGH,0.0006399999838322401,false,,false,false,false,,,false,false,,2024-03-13T09:23:23.225Z,0
CVE-2023-38723,https://securityvulnerability.io/vulnerability/CVE-2023-38723,Maximo Suite Vulnerable to Stored Cross-Site Scripting,"The IBM Maximo Application Suite 7.6.1.3 contains a vulnerability that facilitates stored cross-site scripting. This security lapse permits authorized users to inject arbitrary JavaScript code into the web user interface. The resulting code execution can compromise the integrity of user sessions, potentially exposing sensitive credentials in what would otherwise be deemed a secure environment. It is crucial for organizations utilizing this software to assess their exposure to this vulnerability and implement remediation strategies promptly.",IBM,Maximo Asset Management,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-03-13T09:16:40.785Z,0
CVE-2023-32333,https://securityvulnerability.io/vulnerability/CVE-2023-32333,IBM Maximo Asset Management improper access control,"IBM Maximo Asset Management version 7.6.1.3 has a vulnerability that permits unauthorized remote access to the admin panel due to improper access controls. This flaw can be exploited by an attacker to gain elevated privileges, which may lead to potential data compromises and unauthorized system modifications. Organizations utilizing this version of IBM Maximo Asset Management should prioritize evaluation and remediation of this vulnerability to safeguard their assets and sensitive information.",IBM,Maximo Asset Management,6.5,MEDIUM,0.0009800000116229057,false,,false,false,false,,,false,false,,2024-02-02T01:55:05.695Z,0
CVE-2023-32337,https://securityvulnerability.io/vulnerability/CVE-2023-32337,IBM Maximo Spatial Asset Management server-side request forgery,"IBM Maximo Spatial Asset Management 8.10 is vulnerable to a server-side request forgery (SSRF), which allows an authenticated attacker to transmit unauthorized requests from the server. This vulnerability can lead to network enumeration, potentially exposing sensitive information and enabling an attacker to orchestrate subsequent attacks. The improper validation of requests may result in unauthorized access to internal services, compromising system integrity and security.",IBM,Maximo Spatial Asset Management,5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-01-19T01:17:10.283Z,0
CVE-2023-47718,https://securityvulnerability.io/vulnerability/CVE-2023-47718,IBM Maximo Asset Management cross-site request forgery,"The IBM Maximo Asset Management and Manage Component products are prone to a cross-site request forgery vulnerability. This flaw allows attackers to perform unauthorized actions by exploiting user trust within the website. Specifically, the vulnerability affects IBM Maximo Asset Management versions 7.6.1.3 and the Manage Component versions 8.10 through 8.11. Organizations using these versions may face significant security risks if this vulnerability is exploited, as attackers can potentially execute actions that could compromise system integrity or data confidentiality.",IBM,"Maximo Asset Management,Maximo Asset Management Manage Component",8.8,HIGH,0.0010900000343099236,false,,false,false,false,,,false,false,,2024-01-19T01:14:42.543Z,0
CVE-2023-32332,https://securityvulnerability.io/vulnerability/CVE-2023-32332,IBM Maximo Application Suite and IBM Maximo Asset Management HTML injection,"IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 255072.",IBM,"Maximo Asset Management,Maximo Application Suite",5.4,MEDIUM,0.000859999970998615,false,,false,false,false,,,false,false,,2023-09-08T20:15:00.000Z,0
CVE-2023-32334,https://securityvulnerability.io/vulnerability/CVE-2023-32334,IBM Maximo Asset Management information disclosure,"IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255074.",IBM,"Maximo Asset Management,Maximo Application Suite",5.3,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2023-06-05T01:15:00.000Z,0
CVE-2022-43866,https://securityvulnerability.io/vulnerability/CVE-2022-43866,IBM Maximo Asset Management cross-site scripting,IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239436.,IBM,Maximo Asset Management,5.4,MEDIUM,0.0005099999834783375,false,,false,false,false,,,false,false,,2023-05-05T18:20:16.402Z,0
CVE-2023-27864,https://securityvulnerability.io/vulnerability/CVE-2023-27864,IBM Maximo Asset Management HTML injection,"IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 249327.",IBM,Maximo Asset Management,5.4,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-04-28T18:15:00.000Z,0
CVE-2023-27860,https://securityvulnerability.io/vulnerability/CVE-2023-27860,IBM Maximo Asset Management information disclosure,IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. This information could be used in further attacks against the system. IBM X-Force ID: 249207.,IBM,Maximo Asset Management,5.3,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2023-04-27T19:15:00.000Z,0
CVE-2022-35645,https://securityvulnerability.io/vulnerability/CVE-2022-35645,IBM Maximo Asset Management cross-site scripting,"IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230958.",IBM,"Maximo Asset Management,Maximo Application Suite",6.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2023-03-02T20:14:56.934Z,0
CVE-2022-41734,https://securityvulnerability.io/vulnerability/CVE-2022-41734,IBM Maximo Asset Management information disclosure,IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 237587.,IBM,Maximo Asset Management,5.3,MEDIUM,0.001449999981559813,false,,false,false,false,,,false,false,,2023-02-17T17:38:24.048Z,0
CVE-2022-35281,https://securityvulnerability.io/vulnerability/CVE-2022-35281,IBM Maximo Application Suite command injection,"IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335.",IBM,"Maximo Asset Management,Maximo Manage",5.5,MEDIUM,0.0018100000452250242,false,,false,false,false,,,false,false,,2023-01-09T08:15:00.000Z,0
CVE-2022-40616,https://securityvulnerability.io/vulnerability/CVE-2022-40616,Authentication Bypass Vulnerability in IBM Maximo Asset Management,"The vulnerability in IBM Maximo Asset Management allows attackers to bypass authentication mechanisms, potentially enabling them to access restricted areas of the system. This flaw could lead to unauthorized information retrieval or the execution of actions that should be restricted to authorized users only. Organizations using affected versions must implement appropriate security measures to mitigate the risks associated with this vulnerability.",IBM,Maximo Asset Management,6.5,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2022-09-21T17:15:00.000Z,0
CVE-2021-38924,https://securityvulnerability.io/vulnerability/CVE-2021-38924,Information Disclosure Vulnerability in IBM Maximo Asset Management,"IBM Maximo Asset Management versions 7.6.1.1 and 7.6.1.2 are susceptible to an information disclosure vulnerability that may allow remote attackers to expose sensitive data. This risk occurs when technical error messages are returned to the end-user in the browser, potentially providing attackers with insights that could facilitate subsequent attacks against the system. Users are encouraged to review their error handling processes to mitigate this risk.",IBM,Maximo Asset Management,5.3,MEDIUM,0.0015200000489130616,false,,false,false,false,,,false,false,,2022-09-14T17:15:00.000Z,0
CVE-2022-35714,https://securityvulnerability.io/vulnerability/CVE-2022-35714,Cross-Site Scripting Vulnerability in IBM Maximo Asset Management,"IBM Maximo Asset Management 7.6.1 contains a vulnerability that enables cross-site scripting, permitting attackers to inject arbitrary JavaScript code into the web user interface. By exploiting this flaw, a malicious actor could manipulate the application’s functionality, potentially leading to the unintended disclosure of user credentials during a trusted session. This poses significant risks to users interacting with the application.",IBM,Maximo Asset Management,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-08-26T18:15:00.000Z,0
CVE-2021-29854,https://securityvulnerability.io/vulnerability/CVE-2021-29854,HTTP Header Injection Vulnerability in IBM Maximo Asset Management,"IBM Maximo Asset Management versions 7.6.1.1 and 7.6.1.2 are susceptible to an HTTP header injection flaw due to improper validation of input from the HOST headers. By sending a maliciously crafted HTTP request, an attacker can inject an HTTP HOST header, potentially leading to a range of attacks, including cross-site scripting, cache poisoning, or session hijacking. This vulnerability poses significant risks for deploying secure applications and systems reliant on affected versions.",IBM,Maximo Asset Management,5.4,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2022-05-03T19:15:00.000Z,0
CVE-2022-22435,https://securityvulnerability.io/vulnerability/CVE-2022-22435,Cross-Site Scripting Vulnerability in IBM Maximo Asset Management,"IBM Maximo Asset Management 7.6.1.2 contains a cross-site scripting vulnerability that allows attackers to inject arbitrary JavaScript code into the application’s web interface. This could lead to unauthorized actions within the context of a user's session, potentially compromising user credentials and enabling attackers to alter the application's intended functionality. It is essential for organizations using this version of IBM Maximo to implement necessary security measures to safeguard against possible exploitation.",IBM,Maximo Asset Management,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-04-21T17:15:00.000Z,0
CVE-2022-22436,https://securityvulnerability.io/vulnerability/CVE-2022-22436,Cross-Site Scripting Vulnerability in IBM Maximo Asset Management,"IBM Maximo Asset Management version 7.6.1.2 is exposed to a cross-site scripting vulnerability that allows attackers to inject arbitrary JavaScript code into the Web UI. This injection can manipulate the intended behavior of the application, potentially jeopardizing user credentials during trusted sessions. Organizations using this version should be aware of the security implications and consider applying appropriate patches to mitigate risks.",IBM,Maximo Asset Management,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-04-21T17:15:00.000Z,0
CVE-2021-38935,https://securityvulnerability.io/vulnerability/CVE-2021-38935,Weak Password Policies in IBM Maximo Asset Management,"IBM Maximo Asset Management 7.6.1.2 allows for inadequate password requirements, enabling attackers to easily compromise user accounts and gain unauthorized access. By not enforcing strong password policies, users are at heightened risk of credential theft, making it essential for organizations to assess and enhance their security measures in order to protect sensitive information and maintain system integrity.",IBM,Maximo Asset Management,5.9,MEDIUM,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-02-18T18:15:00.000Z,0