PT-2015-2781 · Ibm · Ibm Maximo Asset Management

Published

2015-07-01

Updated

2016-11-30

CVE-2015-1951

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Maximo Asset Management versions 7.1 through 7.1.1.13 IBM Maximo Asset Management versions 7.5.0 through 7.5.0.7 IBM Maximo Asset Management versions 7.6.0 through 7.6.0.0 IFIX004

Description The issue is related to the caching of HTTPS responses, which can be exploited by physically proximate attackers to obtain sensitive local-cache information from an unattended workstation. This can allow a local attacker to gain access to protected information.

Recommendations For IBM Maximo Asset Management versions 7.1 through 7.1.1.13, update to version 7.1.1.14 or later. For IBM Maximo Asset Management versions 7.5.0 through 7.5.0.7, apply IFIX001 or update to version 7.5.0.8 or later. For IBM Maximo Asset Management versions 7.6.0 through 7.6.0.0 IFIX004, apply IFIX005 or update to version 7.6.0.0 IFIX005 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2015-12146

CVE-2015-1951

Affected Products

Ibm Maximo Asset Management

PT-2015-2781 · Ibm · Ibm Maximo Asset Management

CVE-2015-1951

Weakness Enumeration

Related Identifiers

Affected Products

References · 4