PT-2016-3655 · Ibm · Ibm Maximo Asset Management For Smartcloud Control Desk+2
Publicado
2016-01-03
·
Atualizado
2016-01-06
·
CVE-2015-5017
CVSS v2.0
5.5
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Maximo Asset Management versions 7.1 through 7.1.1.13
IBM Maximo Asset Management versions 7.5.0 before 7.5.0.8 IFIX005
IBM Maximo Asset Management versions 7.6.0 before 7.6.0.2 IFIX002
IBM Maximo Asset Management version 7.5.1
IBM Maximo Asset Management version 7.2
Description
The issue allows remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password. This affects various IBM products, including Maximo Asset Management for SmartCloud Control Desk and Tivoli IT Asset Management for IT.
Recommendations
For versions 7.1 through 7.1.1.13, update to a version after 7.1.1.13.
For versions 7.5.0 before 7.5.0.8 IFIX005, apply IFIX005 or update to a version after 7.5.0.8 IFIX005.
For versions 7.6.0 before 7.6.0.2 IFIX002, apply IFIX002 or update to a version after 7.6.0.2 IFIX002.
For version 7.5.1, update to a version after 7.5.1.
For version 7.2, update to a version after 7.2.
Correção
Improper Access Control
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ibm Maximo Asset Management
Ibm Maximo Asset Management For Smartcloud Control Desk
Tivoli Asset Management For It