Password Field Vulnerability in IBM Maximo Asset Management
CVE-2015-1933

Currently unrated

Key Information:

Vendor: IBM
Status: Maximo Asset Management; Maximo For Nuclear Power; Maximo For Utilities; Maximo For Life Sciences
Vendor: CVE Published:; 4 October 2015

Summary

IBM Maximo Asset Management versions 7.1 through 7.1.1.13, 7.5.0 prior to 7.5.0.8 IFIX001, and 7.6.0 prior to 7.6.0.1 IFIX001 are affected by a vulnerability that lacks an off autocomplete attribute for the password input field. This oversight allows attackers to exploit unattended workstations, potentially gaining unauthorized access to sensitive user accounts.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21965080

x_refsource_CONFIRM

Timeline

Vulnerability published
Oct 4, 2015
Vulnerability Reserved
Feb 19, 2015