CVE-2016-0222

MEDIUM

IBM Maximo Asset Mgmt <7.6.0.3 - Auth Bypass

Title source: llm

Description

IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors.

References (1)

[Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg21976949

Scores

CVSS v3 4.3

EPSS 0.0011

EPSS Percentile 29.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-284

Status draft

Affected Products (11)

ibm/maximo_asset_management

ibm/smartcloud_control_desk

ibm/maximo_for_government

ibm/maximo_for_life_sciences

ibm/maximo_for_nuclear_power

ibm/maximo_for_oil_and_gas

ibm/maximo_for_transportation

ibm/maximo_for_utilities

Timeline

Published Mar 14, 2016

Tracked Since Feb 18, 2026