CVE-2015-4965

CWE-200 — Information Exposure3 documents3 sources

Severity

4.0MEDIUM

EPSS

0.1%

top 65.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Change AND Configuration Management Database IBM Maximo Asset Management IBM Maximo Asset Management Essentials +10 more

Timeline

PublishedOct 6

Latest updateMay 17

Description

maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to obtain sensitive information by reading a (1) backup or (2…

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages7 packages

▶NVDibm/maximo_asset_management23 versions+22

▶NVDibm/maximo_asset_management_essentials7.1, 7.5+1

▶NVDibm/tivoli_asset_management7.1, 7.2+1

▶NVDibm/change_and_configuration_management_database7.1, 7.2+1

▶NVDibm/maximo8 versions+7

🔴Vulnerability Details

GHSA

GHSA-q8q4-hprv-7cg9: maximouiweb/webmodule/webclient/utility/merlin↗2022-05-17

▶

CVEList

CVE-2015-4965: maximouiweb/webmodule/webclient/utility/merlin↗2015-10-05

▶