CVE-2019-4478Sensitive Information Exposure in IBM Maximo Asset Management

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 59.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Maximo Asset Management
Timeline
PublishedMay 12
Latest updateMay 24

Description

IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/maximo_asset_management7.6.0, 7.6.1, 7.6.1.1+2
NVDibm/maximo_asset_management7.6.0.0, 7.6.1, 7.6.1.1+2

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-8cq7-pp3f-m9m4: IBM Maximo Asset Management 72022-05-24
CVEList
CVE-2019-4478: IBM Maximo Asset Management 72020-05-12
CVE-2019-4478 — Sensitive Information Exposure in IBM | cvebase