IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password.
References
Link | Resource |
---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg21969052 | Vendor Advisory |
http://www-01.ibm.com/support/docview.wss?uid=swg21969052 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:32
Type | Values Removed | Values Added |
---|---|---|
References | () http://www-01.ibm.com/support/docview.wss?uid=swg21969052 - Vendor Advisory |
Information
Published : 2016-01-03 05:59
Updated : 2024-11-21 02:32
NVD link : CVE-2015-5017
Mitre link : CVE-2015-5017
CVE.ORG link : CVE-2015-5017
JSON object : View
Products Affected
ibm
- maximo_for_transportation
- smartcloud_control_desk
- change_and_configuration_management_database
- maximo_for_nuclear_power
- tivoli_asset_management_for_it
- maximo_asset_management
- maximo_for_utilities
- tivoli_service_request_manager
- maximo_for_oil_and_gas
- maximo_for_government
- maximo_for_life_sciences
- maximo_for_energy_optimization
- maximo_asset_management_essentials
CWE
CWE-284
Improper Access Control