CVE-2020-4521

Name of the Vulnerable Software and Affected Versions: IBM Maximo Asset Management versions 7.6.0 through 7.6.1

Description: The issue is related to an unsafe deserialization in Java, which could allow a remote authenticated attacker to execute arbitrary code on the system. This can be achieved by sending a specially-crafted request, enabling the attacker to exploit the vulnerability and execute arbitrary code.

Recommendations: For IBM Maximo Asset Management versions 7.6.0 and 7.6.1, consider disabling the deserialization mechanism in Java as a temporary workaround until a patch is available. Restrict access to the system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.