CVE-2015-5017

EUVD-2015-5034
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Affected Products (NVD)
VendorProductVersion
ibmchange_and_configuration_management_database
7.1
ibmchange_and_configuration_management_database
7.2
ibmmaximo_asset_management
7.1
ibmmaximo_asset_management
7.5
ibmmaximo_asset_management
7.6
ibmmaximo_asset_management_essentials
7.1
ibmmaximo_asset_management_essentials
7.5
ibmmaximo_for_energy_optimization
7.1
ibmmaximo_for_government
7.1
ibmmaximo_for_government
7.5
ibmmaximo_for_life_sciences
7.1
ibmmaximo_for_life_sciences
7.5
ibmmaximo_for_life_sciences
7.6
ibmmaximo_for_nuclear_power
7.1
ibmmaximo_for_nuclear_power
7.5
ibmmaximo_for_oil_and_gas
7.1
ibmmaximo_for_oil_and_gas
7.5
ibmmaximo_for_transportation
7.1
ibmmaximo_for_transportation
7.5
ibmmaximo_for_utilities
7.1
ibmmaximo_for_utilities
7.5
ibmsmartcloud_control_desk
7.5
ibmsmartcloud_control_desk
7.6
ibmtivoli_asset_management_for_it
7.1
ibmtivoli_asset_management_for_it
7.2
ibmtivoli_service_request_manager
7.1
ibmtivoli_service_request_manager
7.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg21969052
http://www-01.ibm.com/support/docview.wss?uid=swg21969052