Insecure Storage of Authentication Credentials in IBM Maximo for Civil Infrastructure
CVE-2021-20445

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Maximo For Civil Infrastructure
Vendor: CVE Published:; 18 February 2021

Summary

IBM Maximo for Civil Infrastructure version 7.6.2 is susceptible to a flaw that allows unauthorized users to access sensitive information due to the insecure storage of authentication credentials. This vulnerability can compromise data confidentiality and lead to potential malicious activities if exploited. Organizations utilizing this version should prioritize the implementation of secure practices to protect sensitive data.

Affected Version(s)

Maximo for Civil Infrastructure 7.6.2

References

https://www.ibm.com/support/pages/node/6415891

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/196621

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 18, 2021
Vulnerability Reserved
Dec 17, 2020