IBM Tivoli Integration Composer
By the Year
In 2024 there have been 0 vulnerabilities in IBM Tivoli Integration Composer . Tivoli Integration Composer did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 5 | 6.10 |
| 2019 | 7 | 5.14 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Tivoli Integration Composer vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent IBM Tivoli Integration Composer Security Vulnerabilities
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack
CVE-2020-4409
8.2 - High
- September 16, 2020
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537.
Open Redirect
IBM Maximo Asset Management 7.6 could
CVE-2019-4446
5.4 - Medium
- April 17, 2020
IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490.
AuthZ
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting
CVE-2019-4644
6.1 - Medium
- April 17, 2020
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880.
XSS
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting
CVE-2019-4749
5.4 - Medium
- April 17, 2020
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308.
XSS
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting
CVE-2019-4429
5.4 - Medium
- February 19, 2020
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886.
XSS
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting
CVE-2019-4486
5.4 - Medium
- October 24, 2019
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070.
XSS
IBM Maximo Asset Management 7.6.1.1 generates an error message
CVE-2019-4512
4.3 - Medium
- October 09, 2019
IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554.
Generation of Error Message Containing Sensitive Information
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting
CVE-2019-4303
5.4 - Medium
- June 19, 2019
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949.
XSS
IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could
CVE-2019-4364
8 - High
- June 19, 2019
IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680.
CSV Injection
IBM Maximo Asset Management 7.6 could
CVE-2018-2028
6.5 - Medium
- June 06, 2019
IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554.
Cleartext Storage of Sensitive Information
IBM Maximo Asset Management 7.6 could
CVE-2019-4048
2.1 - Low
- June 06, 2019
IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311.
Improper Privilege Management
IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload
CVE-2019-4056
4.3 - Medium
- June 06, 2019
IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565.
Unrestricted File Upload
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for IBM Tivoli Integration Composer or by IBM? Click the Watch button to subscribe.
