PT-2016-1512 · IBM · IBM Maximo Asset Management

Published: 2016-03-14 · Updated: 2016-03-17 · CVE-2016-0222

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM Maximo Asset Management versions 7.6.0.0 through 7.6.0.2

Description

The issue is related to insufficient access control in the system, allowing remote authenticated users to bypass intended access restrictions. This can enable an attacker to read arbitrary purchase-order work logs. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations

For IBM Maximo Asset Management versions 7.6.0.0 through 7.6.0.2, update to version 7.6.0.3 IFIX001 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive purchase-order work logs until the update is applied.

Fix

Improper Access Control


Weakness Enumeration

Related identifiers

BDU:2016-00813
CVE-2016-0222

Affected products

IBM Maximo Asset Management