CVE-2015-1951

IBM Maximo Asset Management 7.1-7.1.1.13, 7.5.0-7.5.0.8, 7.6.0-7.6.0.0 - Sensitive Info Exposure via HTTPS Caching

Title source: llm
STIX 2.1

Description

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.0 IFIX005 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/75340
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21959613

Scores

EPSS 0.0033
EPSS Percentile 24.8%

Details

CWE
CWE-200
Status published
Products (23)
ibm/maximo_asset_management 7.1
ibm/maximo_asset_management 7.1.1
ibm/maximo_asset_management 7.1.1.1
ibm/maximo_asset_management 7.1.1.2
ibm/maximo_asset_management 7.1.1.5
ibm/maximo_asset_management 7.1.1.6
ibm/maximo_asset_management 7.1.1.7
ibm/maximo_asset_management 7.1.1.8
ibm/maximo_asset_management 7.1.1.9
ibm/maximo_asset_management 7.1.1.10
... and 13 more
Published Jul 01, 2015
Tracked Since Feb 18, 2026