Description
IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116.
CVSS breakdown
CVSS 3.0
Availability
High
Attack Complexity
Low
Attack Vector
Network
Confidentiality
High
Integrity
High
Privileges Required
Low
Scope
Unchanged
User Interaction
None
E
Unchanged
RC
Changed
RL
O
Affected products
- ibm / maximo_asset_management7.6 – 7.6
- ibm / maximo_asset_management7.6.0 – 7.6.0
- ibm / maximo_asset_management7.6.0.1 – 7.6.0.1
- ibm / maximo_asset_management7.6.1 – 7.6.1
- ibm / maximo_asset_management7.6.2 – 7.6.2
- ibm / maximo_asset_management7.6.2.1 – 7.6.2.1
- ibm / maximo_asset_management7.6.2.2 – 7.6.2.2
- ibm / maximo_asset_management7.6.2.3 – 7.6.2.3
- ibm / maximo_asset_management7.6.2.4 – 7.6.2.4
- ibm / maximo_asset_management7.6.3 – 7.6.3