CVE-2015-5016

CWE-200 — Information Exposure3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.1%

top 71.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Change AND Configuration Management Database IBM Control Desk IBM Maximo Asset Management +11 more

Timeline

PublishedMar 27

Latest updateMay 14

Description

IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages7 packages

▶NVDibm/maximo_asset_management_essentials7.1, 7.5+1

▶NVDibm/maximo_asset_management7.1, 7.5, 7.6+2

▶NVDibm/tivoli_asset_management7.1, 7.2+1

▶NVDibm/change_and_configuration_management_database7.1, 7.2+1

▶NVDibm/maximo7.6, 7.1, 7.5+2

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-p4hm-3m49-2r96: IBM Maximo Asset Management 7↗2022-05-14

▶

CVEList

CVE-2015-5016: IBM Maximo Asset Management 7↗2018-03-27

▶