CVE-2015-1934

Name of the Vulnerable Software and Affected Versions IBM Maximo Asset Management versions 7.1 through 7.1.1.13 IBM Maximo Asset Management versions 7.5.0 before 7.5.0.8 IFIX002 IBM Maximo Asset Management versions 7.6.0 before 7.6.0.1 IFIX001 IBM Maximo Asset Management versions 7.5.x before 7.5.0.8 IFIX002 for SmartCloud Control Desk IBM Maximo Asset Management versions 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk IBM Maximo Asset Management versions 7.1 through 7.1.1.13 for Tivoli IT Asset Management for IT IBM Maximo Asset Management version 7.2 for Tivoli IT Asset Management for IT

Description The issue is related to improper password encryption, making it easier for attackers with access to a password file to determine cleartext passwords.

Recommendations For versions 7.1 through 7.1.1.13, update to a version after 7.1.1.13. For versions 7.5.0 before 7.5.0.8 IFIX002, apply IFIX002 or update to a version after 7.5.0.8 IFIX002. For versions 7.6.0 before 7.6.0.1 IFIX001, apply IFIX001 or update to a version after 7.6.0.1 IFIX001. For SmartCloud Control Desk versions 7.5.x before 7.5.0.8 IFIX002, apply IFIX002 or update to a version after 7.5.0.8 IFIX002. For SmartCloud Control Desk versions 7.6.0 before 7.6.0.1 IFIX001, apply IFIX001 or update to a version after 7.6.0.1 IFIX001. For Tivoli IT Asset Management for IT version 7.2, update to a version after 7.2.