CVE-2015-4966

CWE-2553 documents3 sources
Severity
6.5MEDIUM
EPSS
0.3%
top 42.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
IBM Maximo Asset ManagementIBM Change AND Configuration Management DatabaseIBM Maximo FOR Government+8 more
Timeline
PublishedNov 8
Latest updateMay 17

Description

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products have a default administrator account, which makes it easier for remote authenticated users to obtain access via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages7 packages

CVEListV5ibm/maximo_asset_management9 versions+8
NVDibm/maximo_asset_management26 versions+25
NVDibm/maximo8 versions+7

🔴Vulnerability Details

2
GHSA
GHSA-cvj4-pqcv-mvc9: IBM Maximo Asset Management 72022-05-17
CVEList
CVE-2015-4966: IBM Maximo Asset Management 72015-11-08