Information Disclosure in IBM Maximo Asset Management
CVE-2015-4965

Currently unrated

Key Information:

Vendor: IBM
Status: Maximo Asset Management; Maximo For Nuclear Power; Maximo For Utilities; Maximo For Life Sciences
Vendor: CVE Published:; 6 October 2015

Summary

This vulnerability allows remote authenticated users to access sensitive information by reading backup or debug application files within IBM Maximo Asset Management software. The affected versions include IBM Maximo Asset Management 7.1 through 7.1.1.13, and 7.5.0 and 7.6.0 prior to specific IFIX updates, posing a risk of data leakage if proper security measures are not enforced.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21966194

x_refsource_CONFIRM

Timeline

Vulnerability published
Oct 6, 2015
Vulnerability Reserved
Jun 24, 2015