PT-2017-6426 · Ibm · Tivoli Asset Management For It+4
Jakub Palaczynski
+1
·
Published
2017-04-24
·
Updated
2017-04-27
·
CVE-2015-0104
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database versions 7.1 through 7.1.1.8 and 7.2
Maximo Asset Management and Maximo Industry Solutions versions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002
Description
The issue allows remote authenticated users to execute arbitrary code via unspecified vectors.
Recommendations
For IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database versions 7.1 through 7.1.1.8, update to a version outside of the affected range.
For IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database version 7.2, update to a version outside of the affected range.
For Maximo Asset Management and Maximo Industry Solutions versions 7.1 through 7.1.1.8, update to a version outside of the affected range.
For Maximo Asset Management and Maximo Industry Solutions version 7.5, apply 7.5.0.7 IFIX003 or later.
For Maximo Asset Management and Maximo Industry Solutions version 7.6, apply 7.6.0.0 IFIX002 or later.
Exploit
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Change/Configuration Management Database
Tivoli Asset Management For It
Ibm Maximo Asset Management
Maximo Industry Solutions
Tivoli Service Request Manager