CVE-2015-7396

Опубликовано: 02 янв. 2016

Источник: nvd

CVSS3: 5.4

CVSS2: 5.5

EPSS Низкий

Описание

The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors.

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg21970799
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21970799
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00133

Низкий

5.4 Medium

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-h5g7-49ww-h69p