CVE-2015-1934

Currently unrated

Key Information:

Vendor: IBM
Status: Maximo Asset Management; Maximo For Nuclear Power; Maximo For Utilities; Maximo For Life Sciences
Vendor: CVE Published:; 4 October 2015

Summary

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21964855

x_refsource_CONFIRM

Timeline

Vulnerability published
Oct 4, 2015
Vulnerability Reserved
Feb 19, 2015