IBM Maximo Asset Management
81 CVEs affecting IBM Maximo Asset Management. Latest disclosed: 2025-04-25. Critical: 2, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-4493 | Critical | 9.8 | 2020-10-05 | IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. IBM X-F… |
| CVE-2017-1175 | Critical | 9.8 | 2017-07-05 | IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow… |
| CVE-2020-4521 | High | 8.8 | 2020-09-15 | IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserializ… |
| CVE-2018-1524 | High | 8.8 | 2018-08-03 | IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to th… |
| CVE-2016-9984 | High | 8.8 | 2017-06-13 | IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. IBM X-Force I… |
| CVE-2016-9977 | High | 8.8 | 2017-06-07 | IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session… |
| CVE-2024-27266 | High | 8.2 | 2024-03-14 | IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit t… |
| CVE-2020-4463 | High | 8.2 | 2020-07-29 | IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker coul… |
| CVE-2020-4529 | High | 7.3 | 2020-06-08 | IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized… |
| CVE-2021-20509 | High | 7.0 | 2021-08-12 | IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, cause… |
| CVE-2020-4409 | Medium | 6.8 | 2020-09-16 | IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to vis… |
| CVE-2024-45077 | Medium | 6.5 | 2025-01-24 | IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricte… |
| CVE-2024-45652 | Medium | 6.5 | 2025-01-19 | IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request c… |
| CVE-2023-32333 | Medium | 6.5 | 2024-02-02 | IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: 255073. |
| CVE-2022-40616 | Medium | 6.5 | 2022-09-21 | IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they sh… |
| CVE-2021-20374 | Medium | 6.5 | 2021-05-19 | IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in… |
| CVE-2019-4478 | Medium | 6.5 | 2020-05-12 | IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access… |
| CVE-2018-2028 | Medium | 6.5 | 2019-06-06 | IBM Maximo Asset Management 7.6 could allow an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain high… |
| CVE-2024-45088 | Medium | 6.4 | 2024-11-11 | IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript c… |
| CVE-2023-38723 | Medium | 6.4 | 2024-03-13 | IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the We… |