CVE-2015-4965

Name of the Vulnerable Software and Affected Versions IBM Maximo Asset Management versions 7.1 through 7.1.1.13 IBM Maximo Asset Management versions 7.5.0 before 7.5.0.8 IFIX004 IBM Maximo Asset Management versions 7.6.0 before 7.6.0.1 IFIX002 IBM Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 for SmartCloud Control Desk IBM Maximo Asset Management 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk IBM Maximo Asset Management versions 7.1 through 7.1.1.13 for Tivoli IT Asset Management for IT IBM Maximo Asset Management version 7.2 for Tivoli IT Asset Management for IT

Description The issue allows remote authenticated users to obtain sensitive information by reading a backup or debug application file. This can be done through the maximouiweb/webmodule/webclient/utility/merlin.jsp file in IBM Maximo Asset Management.

Recommendations For IBM Maximo Asset Management versions 7.1 through 7.1.1.13, update to a version after 7.1.1.13. For IBM Maximo Asset Management versions 7.5.0 before 7.5.0.8 IFIX004, apply IFIX004 or update to a version after 7.5.0.8 IFIX004. For IBM Maximo Asset Management versions 7.6.0 before 7.6.0.1 IFIX002, apply IFIX002 or update to a version after 7.6.0.1 IFIX002. For IBM Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 for SmartCloud Control Desk, apply IFIX004 or update to a version after 7.5.0.8 IFIX004. For IBM Maximo Asset Management 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk, apply IFIX002 or update to a version after 7.6.0.1 IFIX002. For IBM Maximo Asset Management versions 7.1 through 7.1.1.13 for Tivoli IT Asset Management for IT, update to a version after 7.1.1.13. For IBM Maximo Asset Management version 7.2 for Tivoli IT Asset Management for IT, update to a version after 7.2.