IBM Maximo For Nuclear Power

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in IBM Maximo For Nuclear Power.

By the Year

In 2025 there have been 0 vulnerabilities in IBM Maximo For Nuclear Power. Maximo For Nuclear Power did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2025	0	0.00
2024	0	0.00
2023	0	0.00
2022	0	0.00
2021	0	0.00
2020	6	5.80
2019	7	5.14
2018	2	6.55

It may take a day or so for new Maximo For Nuclear Power vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent IBM Maximo For Nuclear Power Security Vulnerabilities

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack

CVE-2020-4409 8.2 - High - September 16, 2020

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537.

Open Redirect

IBM Maximo Asset Management 7.6 could

CVE-2019-4446 5.4 - Medium - April 17, 2020

IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490.

AuthZ

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting

CVE-2019-4644 6.1 - Medium - April 17, 2020

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880.

XSS

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting

CVE-2019-4749 5.4 - Medium - April 17, 2020

XSS

IBM Maximo Asset Management 7.6.1.0 could

CVE-2019-4745 4.3 - Medium - February 24, 2020

IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. IBM X-Force ID: 172883.

AuthZ

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting

CVE-2019-4429 5.4 - Medium - February 19, 2020

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886.

XSS

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting

CVE-2019-4486 5.4 - Medium - October 24, 2019

XSS

IBM Maximo Asset Management 7.6.1.1 generates an error message

CVE-2019-4512 4.3 - Medium - October 09, 2019

IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554.

Generation of Error Message Containing Sensitive Information

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting

CVE-2019-4303 5.4 - Medium - June 19, 2019

XSS

IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could

CVE-2019-4364 8 - High - June 19, 2019

IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680.

CSV Injection

IBM Maximo Asset Management 7.6 could

CVE-2018-2028 6.5 - Medium - June 06, 2019

IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554.

Cleartext Storage of Sensitive Information

IBM Maximo Asset Management 7.6 could

CVE-2019-4048 2.1 - Low - June 06, 2019

IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311.

Improper Privilege Management

IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload

CVE-2019-4056 4.3 - Medium - June 06, 2019

IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565.

Unrestricted File Upload

IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API

CVE-2018-1528 4.3 - Medium - August 06, 2018

IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290.

Information Disclosure

IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account

CVE-2018-1524 8.8 - High - August 03, 2018

IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116.

Insecure Default Initialization of Resource

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for IBM Smartcloud Control Desk or by IBM? Click the Watch button to subscribe.

IBM
Vendor

IBM Maximo For Nuclear Power
Product

IBM Maximo For Nuclear Power

Don't miss out!

By the Year

Recent IBM Maximo For Nuclear Power Security Vulnerabilities

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack CVE-2020-4409 8.2 - High - September 16, 2020

IBM Maximo Asset Management 7.6 could CVE-2019-4446 5.4 - Medium - April 17, 2020

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting CVE-2019-4644 6.1 - Medium - April 17, 2020

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting CVE-2019-4749 5.4 - Medium - April 17, 2020

IBM Maximo Asset Management 7.6.1.0 could CVE-2019-4745 4.3 - Medium - February 24, 2020

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting CVE-2019-4429 5.4 - Medium - February 19, 2020

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting CVE-2019-4486 5.4 - Medium - October 24, 2019

IBM Maximo Asset Management 7.6.1.1 generates an error message CVE-2019-4512 4.3 - Medium - October 09, 2019

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting CVE-2019-4303 5.4 - Medium - June 19, 2019

IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could CVE-2019-4364 8 - High - June 19, 2019

IBM Maximo Asset Management 7.6 could CVE-2018-2028 6.5 - Medium - June 06, 2019

IBM Maximo Asset Management 7.6 could CVE-2019-4048 2.1 - Low - June 06, 2019

IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload CVE-2019-4056 4.3 - Medium - June 06, 2019

IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API CVE-2018-1528 4.3 - Medium - August 06, 2018

IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account CVE-2018-1524 8.8 - High - August 03, 2018