Default Administrator Access in IBM Maximo Asset Management and Tivoli IT Asset Management
CVE-2015-4966

Currently unrated

Key Information:

Vendor: IBM
Status: Maximo Asset Management; Maximo For Nuclear Power; Maximo For Utilities; Maximo For Life Sciences
Vendor: CVE Published:; 8 November 2015

Summary

IBM Maximo Asset Management and certain related products contain a default administrator account that could allow remote authenticated users to gain unauthorized access through unspecified vectors. This misconfiguration poses significant security risks, as it could enable attackers to exploit the default account for malicious purposes. Users are encouraged to implement proper security measures to secure their installations.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21968191

x_refsource_CONFIRM

Timeline

Vulnerability published
Nov 8, 2015
Vulnerability Reserved
Jun 24, 2015