CVE-2013-3323

CRITICAL

IBM Maximo Asset Mgmt <7.5-6.2 - Privilege Escalation

Title source: llm

Description

A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry x_refsource_misc

http://www.securityfocus.com/bid/62685

VDB Entry, Vendor Advisory x_refsource_misc

https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240

Vendor Advisory x_refsource_confirm

https://www.ibm.com/support/pages/node/235239

Scores

CVSS v3 9.8

EPSS 0.0280

EPSS Percentile 84.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-269

Status published

Products (40)

ibm/change_and_configuration_management_database 7.1

ibm/change_and_configuration_management_database 7.2

ibm/maximo_asset_management 6.2

ibm/maximo_asset_management 7.1

ibm/maximo_asset_management 7.5

ibm/maximo_asset_management_essentials 6.2

ibm/maximo_asset_management_essentials 7.1

ibm/maximo_asset_management_essentials 7.5

ibm/maximo_for_government 6.2

ibm/maximo_for_government 7.1

... and 30 more

Published Feb 18, 2020

Tracked Since Feb 18, 2026