CVE-2015-7395

IBM Maximo Asset Management Access Control Bypass (7.1-7.1.1.13, 7.5.0 < 7.5.0.8 IFIX005, 7.6.0 < 7.6.0.2 FP002)

Title source: llm
STIX 2.1

Description

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended work-order change restrictions via unspecified vectors.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21969072

Scores

EPSS 0.0096
EPSS Percentile 57.3%

Details

CWE
CWE-284
Status published
Products (50)
ibm/change_and_configuration_management_database 7.1
ibm/change_and_configuration_management_database 7.2
ibm/maximo_asset_management 7.1
ibm/maximo_asset_management 7.1.1
ibm/maximo_asset_management 7.1.1.1
ibm/maximo_asset_management 7.1.1.2
ibm/maximo_asset_management 7.1.1.5
ibm/maximo_asset_management 7.1.1.6
ibm/maximo_asset_management 7.1.1.7
ibm/maximo_asset_management 7.1.1.8
... and 40 more
Published Nov 08, 2015
Tracked Since Feb 18, 2026