Ibm Control_desk

15 CVEs affecting Ibm Control_desk. Latest disclosed: 2022-09-13. Critical: 0, High: 2.

Top CVEs affecting Ibm Control_desk
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-4409 | High | 8.2 | 2020-09-16 | IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to vis… |
| CVE-2019-4364 | High | 8.0 | 2019-06-19 | IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbitrary commands on the system. I… |
| CVE-2018-2028 | Medium | 6.5 | 2019-06-06 | IBM Maximo Asset Management 7.6 could allow an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain high… |
| CVE-2019-4644 | Medium | 6.1 | 2020-04-17 | IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus al… |
| CVE-2021-20559 | Medium | 5.4 | 2021-05-10 | IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI th… |
| CVE-2019-4749 | Medium | 5.4 | 2020-04-17 | IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus al… |
| CVE-2019-4446 | Medium | 5.4 | 2020-04-17 | IBM Maximo Asset Management 7.6 could allow an authenticated user to perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 1… |
| CVE-2019-4429 | Medium | 5.4 | 2020-02-19 | IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the We… |
| CVE-2019-4303 | Medium | 5.4 | 2019-06-19 | IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus al… |
| CVE-2022-22330 | Medium | 5.3 | 2022-09-13 | IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could e… |
| CVE-2022-22329 | Medium | 4.3 | 2022-09-13 | IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending… |
| CVE-2019-4512 | Medium | 4.3 | 2019-10-09 | IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IB… |
| CVE-2019-4056 | Medium | 4.3 | 2019-06-06 | IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID… |
| CVE-2015-5016 | Medium | 4.3 | 2018-03-27 | IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and… |
| CVE-2019-4048 | Low | 2.1 | 2019-06-06 | IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force… |