Password Encryption Vulnerability in IBM Maximo Asset Management
CVE-2015-1934

Currently unrated

Key Information:

Vendor: IBM
Status: Maximo Asset Management; Maximo For Nuclear Power; Maximo For Utilities; Maximo For Life Sciences
Vendor: CVE Published:; 4 October 2015

Summary

IBM Maximo Asset Management versions 7.1 through 7.1.1.13, 7.5.0 prior to 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001 possess vulnerabilities due to inadequate encryption of passwords. As a result, this flaw enables context-dependent attackers to easily decipher plaintext passwords by exploiting access to exposed password files. This lack of proper encryption can lead to unauthorized access and significant security breaches, posing a serious risk to organizations that rely on these systems.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21964855

x_refsource_CONFIRM

Timeline

Vulnerability published
Oct 4, 2015
Vulnerability Reserved
Feb 19, 2015