CVE-2015-5017

MEDIUM

IBM Change And Configuration Manageme... - Improper Access Control

Title source: rule

Description

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password.

Scores

CVSS v3: 5.4
EPSS: 0.0010
EPSS Percentile: 28.5%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Classification

CWE: CWE-284
Status: draft

Affected Products (27)

ibm/change_and_configuration_management_database
ibm/change_and_configuration_management_database
ibm/maximo_asset_management
ibm/maximo_asset_management
ibm/maximo_asset_management
ibm/maximo_asset_management_essentials
ibm/maximo_asset_management_essentials
ibm/maximo_for_energy_optimization
ibm/maximo_for_government
ibm/maximo_for_government
ibm/maximo_for_life_sciences
ibm/maximo_for_life_sciences
ibm/maximo_for_life_sciences
ibm/maximo_for_nuclear_power
ibm/maximo_for_nuclear_power
... and 12 more

Timeline

Published: Jan 03, 2016
Tracked Since: Feb 18, 2026