CVE-2015-5017

Name of the Vulnerable Software and Affected Versions IBM Maximo Asset Management versions 7.1 through 7.1.1.13 IBM Maximo Asset Management versions 7.5.0 before 7.5.0.8 IFIX005 IBM Maximo Asset Management versions 7.6.0 before 7.6.0.2 IFIX002 IBM Maximo Asset Management version 7.5.1 IBM Maximo Asset Management version 7.2

Description The issue allows remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password. This affects various IBM products, including Maximo Asset Management for SmartCloud Control Desk and Tivoli IT Asset Management for IT.

Recommendations For versions 7.1 through 7.1.1.13, update to a version after 7.1.1.13. For versions 7.5.0 before 7.5.0.8 IFIX005, apply IFIX005 or update to a version after 7.5.0.8 IFIX005. For versions 7.6.0 before 7.6.0.2 IFIX002, apply IFIX002 or update to a version after 7.6.0.2 IFIX002. For version 7.5.1, update to a version after 7.5.1. For version 7.2, update to a version after 7.2.