CVE-2015-0107

Name of the Vulnerable Software and Affected Versions IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database versions 7.1 through 7.1.1.8 and 7.2 Maximo Asset Management and Maximo Industry Solutions versions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002

Description The issue allows remote authenticated users to conduct directory traversal attacks via unspecified vectors.

Recommendations For IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database versions 7.1 through 7.1.1.8 and 7.2, update to a version outside of the affected range. For Maximo Asset Management and Maximo Industry Solutions versions 7.1 through 7.1.1.8, update to version 7.5.0.7 IFIX003 or later, or version 7.6.0.0 IFIX002 or later. For Maximo Asset Management and Maximo Industry Solutions version 7.5 before 7.5.0.7 IFIX003, apply IFIX003 or later. For Maximo Asset Management and Maximo Industry Solutions version 7.6 before 7.6.0.0 IFIX002, apply IFIX002 or later.