CVE-2016-0289Improper Access Control in IBM Maximo Asset Management

CWE-284Improper Access Control4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 73.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Maximo Asset Management
Timeline
PublishedApr 5
Latest updateMay 17

Description

shiprec.xml in the SHIPREC application in IBM Maximo Asset Management 7.1 and 7.5 before 7.5.0.10 and 7.6 before 7.6.0.4 allows remote authenticated users to bypass intended item-selection restrictions via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

NVDibm/maximo_asset_management17 versions+16

🔴Vulnerability Details

2
GHSA
GHSA-9v2p-r9jm-3mj6: shiprec2022-05-17
CVEList
CVE-2016-0289: shiprec2016-04-04

💬Community

1
Bugzilla
CVE-2016-8860 tor: Version 0.2.8.9 contains security fixes2016-10-19
CVE-2016-0289 — Improper Access Control in IBM | cvebase