IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password.
References
Link | Resource |
---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg21969052 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2016-01-03 05:59
Updated : 2024-02-28 15:21
NVD link : CVE-2015-5017
Mitre link : CVE-2015-5017
CVE.ORG link : CVE-2015-5017
JSON object : View
Products Affected
ibm
- tivoli_service_request_manager
- maximo_asset_management_essentials
- maximo_for_utilities
- maximo_asset_management
- maximo_for_government
- maximo_for_transportation
- maximo_for_energy_optimization
- tivoli_asset_management_for_it
- maximo_for_life_sciences
- maximo_for_oil_and_gas
- change_and_configuration_management_database
- maximo_for_nuclear_power
- smartcloud_control_desk
CWE
CWE-284
Improper Access Control