PT-2018-12952 · Ibm · Ibm Maximo Asset Management

Olassery Kunnikkal Shafeeque

·

Published

2018-08-06

·

Updated

2019-10-09

·

CVE-2018-1528

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions IBM Maximo Asset Management versions 7.6 through 7.6.3
Description The issue allows an authenticated user to obtain sensitive information from the "WhoAmI API" endpoint.
Recommendations For versions 7.6 through 7.6.3, consider restricting access to the WhoAmI API endpoint until a fix is available.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2018-1528

Affected Products

Ibm Maximo Asset Management