CVE-2015-5017

MEDIUM

IBM Maximo Asset Management 7.1-7.1.1.13, 7.5.0-7.5.0.8, 7.6.0-7.6.0.2 - Authenticated Access Control Bypass

Title source: llm
STIX 2.1

Description

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21969052

Scores

CVSS v3 5.4
EPSS 0.0066
EPSS Percentile 47.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Details

CWE
CWE-284
Status published
Products (27)
ibm/change_and_configuration_management_database 7.1
ibm/change_and_configuration_management_database 7.2
ibm/maximo_asset_management 7.1
ibm/maximo_asset_management 7.5
ibm/maximo_asset_management 7.6
ibm/maximo_asset_management_essentials 7.1
ibm/maximo_asset_management_essentials 7.5
ibm/maximo_for_energy_optimization 7.1
ibm/maximo_for_government 7.1
ibm/maximo_for_government 7.5
... and 17 more
Published Jan 03, 2016
Tracked Since Feb 18, 2026