CVE-2019-4446

CWE-862Missing Authorization4 documents4 sources
Severity
5.4MEDIUM
EPSS
0.1%
top 69.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
18
IBM Maximo Asset ManagementIBM Control DeskIBM Maximo Asset Configuration Manager+15 more
Timeline
PublishedApr 17
Latest updateMay 24

Description

IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages13 packages

NVDibm/maximo_asset_management7.6.0, 7.6.1, 7.6.1.1+2
NVDibm/maximo_asset_management_scheduler7.6.7, 7.6.7.1, 7.6.7.3+2
NVDibm/maximo_asset_management_scheduler_plus7.6.7, 7.6.7.1, 7.6.7.3+2
NVDibm/maximo_linear_asset_manager7.6.0.1, 7.6.0.2, 7.6.0.3+2

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

3
GHSA
GHSA-69xc-p83f-62p4: IBM Maximo Asset Management 72022-05-24
OSV
squid3 regression2020-08-27
CVEList
CVE-2019-4446: IBM Maximo Asset Management 72020-04-17