CVE-2015-5016

{"id": "CVE-2015-5016", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2018-03-27T17:29:00.337", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460", "tags": ["VDB Entry", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460."}, {"lang": "es", "value": "IBM Maximo Asset Management 7.1, 7.5 y 7.6; Maximo Asset Management Essentials 7.1 y 7.5; Control Desk 7.5 y 7.6; Tivoli Asset Management for IT 7.1 y 7.2; as\u00ed como otros productos de IBM permiten que usuarios autenticados remotos omitan las restricciones de acceso previstas y lean entradas del registro de tareas de tickets arbitrarias mediante vectores sin especificar. IBM X-Force ID: 106460."}], "lastModified": "2024-11-21T02:32:11.047", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925"}, {"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9"}, {"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B"}, {"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3"}, {"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E"}, {"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57"}, {"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE"}, {"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7759191C-5D16-4937-BC80-5A47FE4F9DD1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED"}, {"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02"}, {"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD"}, {"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD"}, {"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:control_desk:7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33E903B1-43FE-4120-95E1-2108B630D49B"}, {"criteria": "cpe:2.3:a:ibm:control_desk:7.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6282F8E2-9EFD-4CBE-8732-22659413B149"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3"}, {"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B"}, {"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD"}, {"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}