CVE-2015-1933

Name of the Vulnerable Software and Affected Versions IBM Maximo Asset Management versions 7.1 through 7.1.1.13 IBM Maximo Asset Management versions 7.5.0 before 7.5.0.8 IFIX001 IBM Maximo Asset Management versions 7.6.0 before 7.6.0.1 IFIX001 IBM Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 for SmartCloud Control Desk IBM Maximo Asset Management 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk IBM Maximo Asset Management versions 7.1 through 7.1.1.13 for Tivoli IT Asset Management for IT IBM Maximo Asset Management version 7.2 for Tivoli IT Asset Management for IT

Description The issue makes it easier for remote attackers to obtain access by leveraging an unattended workstation, as the password field does not have an off autocomplete attribute.

Recommendations For versions 7.1 through 7.1.1.13, consider disabling the password autocomplete feature until a patch is available. For versions 7.5.0 before 7.5.0.8 IFIX001, apply the 7.5.0.8 IFIX001 update to resolve the issue. For versions 7.6.0 before 7.6.0.1 IFIX001, apply the 7.6.0.1 IFIX001 update to resolve the issue. For 7.5.x before 7.5.0.8 IFIX001 for SmartCloud Control Desk, apply the 7.5.0.8 IFIX001 update to resolve the issue. For 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk, apply the 7.6.0.1 IFIX001 update to resolve the issue. For version 7.2 for Tivoli IT Asset Management for IT, there is no information about a newer version that contains a fix for this issue.