CVE-2015-0104

HIGH

IBM Change And Configuration Manageme... - Improper Access Control

Title source: rule

Description

IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors.

Exploits (1)

exploitdb WORKING POC

webappsjsp

https://www.exploit-db.com/exploits/36002

View Code ZIP pw:eip

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/97999

[Patch, Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg21694974

Scores

CVSS v3 8.8

EPSS 0.0204

EPSS Percentile 83.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-284

Status published

Products (21)

ibm/change_and_configuration_management_database 7.1

ibm/change_and_configuration_management_database 7.2

ibm/maximo_asset_management 7.1

ibm/maximo_asset_management 7.1.1

ibm/maximo_asset_management 7.1.1.1

ibm/maximo_asset_management 7.1.1.2

ibm/maximo_asset_management 7.1.1.5

ibm/maximo_asset_management 7.1.1.6

ibm/maximo_asset_management 7.1.1.7

ibm/maximo_asset_management 7.1.1.8

... and 11 more

Published Apr 24, 2017

Tracked Since Feb 18, 2026