CVE-2015-5016: Infoleak
First published: Tue Mar 27 2018(Updated: )
IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Maximo Asset Management | =7.1 | |
| IBM Maximo Asset Management | =7.5 | |
| IBM Maximo Asset Management | =7.6 | |
| IBM Maximo Asset Management Essentials | =7.1 | |
| IBM Maximo Asset Management Essentials | =7.5 | |
| IBM Maximo for Energy Optimization | =7.1 | |
| IBM Maximo for Aviation | =7.6 | |
| IBM Maximo For Government | =7.1 | |
| IBM Maximo For Government | =7.5 | |
| IBM Maximo for Nuclear Power | =7.1 | |
| IBM Maximo for Nuclear Power | =7.5 | |
| IBM Maximo for Transportation | =7.1 | |
| IBM Maximo for Transportation | =7.5 | |
| IBM Maximo for Transportation | =7.6 | |
| IBM Maximo for Life Sciences | =7.1 | |
| IBM Maximo for Life Sciences | =7.5 | |
| IBM Maximo for Life Sciences | =7.6 | |
| IBM Maximo for Oil and Gas | =7.1 | |
| IBM Maximo for Oil and Gas | =7.5 | |
| IBM Maximo for Utilities | =7.1 | |
| IBM Maximo for Utilities | =7.5 | |
| IBM SmartCloud Control Desk | =7.5 | |
| IBM SmartCloud Control Desk | =7.6 | |
| IBM Tivoli IT Asset Management for IT | =7.1 | |
| IBM Tivoli IT Asset Management for IT | =7.2 | |
| IBM Tivoli Service Request Manager | =7.1 | |
| IBM Tivoli Service Request Manager | =7.2 | |
| IBM Tivoli Change and Configuration Management Database | =7.1 | |
| IBM Tivoli Change and Configuration Management Database | =7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this IBM Maximo Asset Management vulnerability?
The vulnerability ID of this IBM Maximo Asset Management vulnerability is CVE-2015-5016.
What is the severity of CVE-2015-5016?
The severity of CVE-2015-5016 is medium.
Which versions of IBM Maximo Asset Management are affected by CVE-2015-5016?
Versions 7.1, 7.5, and 7.6 of IBM Maximo Asset Management are affected by CVE-2015-5016.
How can a remote authenticated user exploit CVE-2015-5016?
A remote authenticated user can exploit CVE-2015-5016 to bypass intended access restrictions and read arbitrary ticket workloads.
Where can I find more information about CVE-2015-5016?
You can find more information about CVE-2015-5016 [here](http://www-01.ibm.com/support/docview.wss?uid=swg21971160) and [here](https://exchange.xforce.ibmcloud.com/vulnerabilities/106460).
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm maximo asset management
- version/ibm maximo asset management/7.1
- version/ibm maximo asset management/7.5
- version/ibm maximo asset management/7.6
- canonical/ibm maximo asset management essentials
- version/ibm maximo asset management essentials/7.1
- version/ibm maximo asset management essentials/7.5
- canonical/ibm maximo for energy optimization
- version/ibm maximo for energy optimization/7.1
- canonical/ibm maximo for aviation
- version/ibm maximo for aviation/7.6
- canonical/ibm maximo for government
- version/ibm maximo for government/7.1
- version/ibm maximo for government/7.5
- canonical/ibm maximo for nuclear power
- version/ibm maximo for nuclear power/7.1
- version/ibm maximo for nuclear power/7.5
- canonical/ibm maximo for transportation
- version/ibm maximo for transportation/7.1
- version/ibm maximo for transportation/7.5
- version/ibm maximo for transportation/7.6
- canonical/ibm maximo for life sciences
- version/ibm maximo for life sciences/7.1
- version/ibm maximo for life sciences/7.5
- version/ibm maximo for life sciences/7.6
- canonical/ibm maximo for oil and gas
- version/ibm maximo for oil and gas/7.1
- version/ibm maximo for oil and gas/7.5
- canonical/ibm maximo for utilities
- version/ibm maximo for utilities/7.1
- version/ibm maximo for utilities/7.5
- canonical/ibm smartcloud control desk
- version/ibm smartcloud control desk/7.5
- version/ibm smartcloud control desk/7.6
- canonical/ibm tivoli it asset management for it
- version/ibm tivoli it asset management for it/7.1
- version/ibm tivoli it asset management for it/7.2
- canonical/ibm tivoli service request manager
- version/ibm tivoli service request manager/7.1
- version/ibm tivoli service request manager/7.2
- canonical/ibm tivoli change and configuration management database
- version/ibm tivoli change and configuration management database/7.1
- version/ibm tivoli change and configuration management database/7.2