CVE-2016-0222Improper Access Control in IBM Maximo Asset Management

CWE-284Improper Access Control3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 70.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Maximo Asset Management
Timeline
PublishedMar 14
Latest updateMay 17

Description

IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

NVDibm/maximo_asset_management4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-mf9g-mp5v-x943: IBM Maximo Asset Management 72022-05-17
CVEList
CVE-2016-0222: IBM Maximo Asset Management 72016-03-14
CVE-2016-0222 — Improper Access Control in IBM | cvebase