Local Information Disclosure Vulnerability in IBM Maximo Asset Management
CVE-2015-7487

4.1MEDIUM

Key Information:

Vendor: IBM
Status: Maximo Asset Management; Maximo For Transportation; Maximo Asset Management Essentials; Maximo For Utilities
Vendor: CVE Published:; 27 January 2016

Summary

A vulnerability exists in IBM Maximo Asset Management that allows local users with administrative privileges to gain unauthorized access to sensitive information by reading log files. This issue affects multiple versions of Maximo Asset Management, posing a risk to organizations using these products. It is crucial for users to apply security updates to mitigate the chances of sensitive data exposure.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21974537

x_refsource_CONFIRM

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 27, 2016
Vulnerability Reserved
Sep 29, 2015