CVE-2016-0289

MEDIUM

IBM Maximo Asset Mgmt <7.5.0.10, <7.6.0.4 - Auth Bypass

Title source: llm
STIX 2.1

Description

shiprec.xml in the SHIPREC application in IBM Maximo Asset Management 7.1 and 7.5 before 7.5.0.10 and 7.6 before 7.6.0.4 allows remote authenticated users to bypass intended item-selection restrictions via unspecified vectors.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21979519

Scores

CVSS v3 4.3
EPSS 0.0078
EPSS Percentile 51.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-284
Status published
Products (17)
ibm/maximo_asset_management 7.1
ibm/maximo_asset_management 7.5
ibm/maximo_asset_management 7.5.0.0
ibm/maximo_asset_management 7.5.0.1
ibm/maximo_asset_management 7.5.0.2
ibm/maximo_asset_management 7.5.0.3
ibm/maximo_asset_management 7.5.0.4
ibm/maximo_asset_management 7.5.0.5
ibm/maximo_asset_management 7.5.0.6
ibm/maximo_asset_management 7.5.0.7
... and 7 more
Published Apr 05, 2016
Tracked Since Feb 18, 2026