CVE-2015-7487: Infoleak
First published: Wed Jan 27 2016(Updated: )
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Tivoli Change and Configuration Management Database | =7.1 | |
| IBM Tivoli Change and Configuration Management Database | =7.2 | |
| IBM Maximo Asset Management | =7.1 | |
| IBM Maximo Asset Management | =7.1.1 | |
| IBM Maximo Asset Management | =7.1.1.1 | |
| IBM Maximo Asset Management | =7.1.1.2 | |
| IBM Maximo Asset Management | =7.1.1.5 | |
| IBM Maximo Asset Management | =7.1.1.6 | |
| IBM Maximo Asset Management | =7.1.1.7 | |
| IBM Maximo Asset Management | =7.1.1.8 | |
| IBM Maximo Asset Management | =7.1.1.9 | |
| IBM Maximo Asset Management | =7.1.1.10 | |
| IBM Maximo Asset Management | =7.1.1.11 | |
| IBM Maximo Asset Management | =7.1.1.12 | |
| IBM Maximo Asset Management | =7.1.1.13 | |
| IBM Maximo Asset Management | =7.5 | |
| IBM Maximo Asset Management | =7.5.0.0 | |
| IBM Maximo Asset Management | =7.5.0.1 | |
| IBM Maximo Asset Management | =7.5.0.2 | |
| IBM Maximo Asset Management | =7.5.0.3 | |
| IBM Maximo Asset Management | =7.5.0.4 | |
| IBM Maximo Asset Management | =7.5.0.5 | |
| IBM Maximo Asset Management | =7.5.0.6 | |
| IBM Maximo Asset Management | =7.5.0.7 | |
| IBM Maximo Asset Management | =7.5.0.8 | |
| IBM Maximo Asset Management | =7.5.0.9 | |
| IBM Maximo Asset Management | =7.6 | |
| IBM Maximo Asset Management | =7.6.0.0 | |
| IBM Maximo Asset Management | =7.6.0.1 | |
| IBM Maximo Asset Management | =7.6.0.2 | |
| IBM Maximo Asset Management | =7.6.0.3 | |
| IBM Maximo Asset Management Essentials | =7.5.0.0 | |
| IBM Maximo Asset Management Essentials | =7.5.0.1 | |
| IBM Maximo Asset Management Essentials | =7.5.0.2 | |
| IBM Maximo Asset Management Essentials | =7.5.0.3 | |
| IBM Maximo Asset Management Essentials | =7.5.0.4 | |
| IBM Maximo Asset Management Essentials | =7.5.0.5 | |
| IBM Maximo Asset Management Essentials | =7.5.0.6 | |
| IBM Maximo Asset Management Essentials | =7.5.0.7 | |
| IBM Maximo Asset Management Essentials | =7.5.0.8 | |
| IBM Maximo for Energy Optimization | =7.1 | |
| IBM Maximo For Government | =7.1 | |
| IBM Maximo For Government | =7.5 | |
| IBM Maximo for Life Sciences | =7.1 | |
| IBM Maximo for Life Sciences | =7.5 | |
| IBM Maximo for Nuclear Power | =7.1 | |
| IBM Maximo for Nuclear Power | =7.5 | |
| IBM Maximo for Oil and Gas | =7.1 | |
| IBM Maximo for Oil and Gas | =7.5 | |
| IBM Maximo for Transportation | =7.1 | |
| IBM Maximo for Transportation | =7.5 | |
| IBM Maximo for Utilities | =7.1 | |
| IBM Maximo for Utilities | =7.5 | |
| IBM Control Desk | =7.5.1.0 | |
| IBM Control Desk | =7.6 | |
| IBM Tivoli IT Asset Management for IT | =7.1 | |
| IBM Tivoli IT Asset Management for IT | =7.2 | |
| IBM Tivoli Service Request Manager | =7.1.0 | |
| IBM Tivoli Service Request Manager | =7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-7487?
The severity of CVE-2015-7487 is defined as high due to its potential impact on IBM Maximo Asset Management products.
How do I fix CVE-2015-7487?
To fix CVE-2015-7487, you should update your IBM Maximo Asset Management software to version 7.5.0.9 or later for affected versions.
What versions of IBM Maximo Asset Management are affected by CVE-2015-7487?
CVE-2015-7487 affects IBM Maximo Asset Management versions 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001.
Is there a workaround for CVE-2015-7487 if I cannot update immediately?
There are no documented workarounds for CVE-2015-7487, so it is recommended to apply the updates as soon as possible.
What types of systems use IBM Maximo Asset Management affected by CVE-2015-7487?
CVE-2015-7487 impacts various configurations of IBM Maximo Asset Management, including those used in energy, government, life sciences, and other industries.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm tivoli change and configuration management database
- version/ibm tivoli change and configuration management database/7.1
- version/ibm tivoli change and configuration management database/7.2
- canonical/ibm maximo asset management
- version/ibm maximo asset management/7.1
- version/ibm maximo asset management/7.1.1
- version/ibm maximo asset management/7.1.1.1
- version/ibm maximo asset management/7.1.1.2
- version/ibm maximo asset management/7.1.1.5
- version/ibm maximo asset management/7.1.1.6
- version/ibm maximo asset management/7.1.1.7
- version/ibm maximo asset management/7.1.1.8
- version/ibm maximo asset management/7.1.1.9
- version/ibm maximo asset management/7.1.1.10
- version/ibm maximo asset management/7.1.1.11
- version/ibm maximo asset management/7.1.1.12
- version/ibm maximo asset management/7.1.1.13
- version/ibm maximo asset management/7.5
- version/ibm maximo asset management/7.5.0.0
- version/ibm maximo asset management/7.5.0.1
- version/ibm maximo asset management/7.5.0.2
- version/ibm maximo asset management/7.5.0.3
- version/ibm maximo asset management/7.5.0.4
- version/ibm maximo asset management/7.5.0.5
- version/ibm maximo asset management/7.5.0.6
- version/ibm maximo asset management/7.5.0.7
- version/ibm maximo asset management/7.5.0.8
- version/ibm maximo asset management/7.5.0.9
- version/ibm maximo asset management/7.6
- version/ibm maximo asset management/7.6.0.0
- version/ibm maximo asset management/7.6.0.1
- version/ibm maximo asset management/7.6.0.2
- version/ibm maximo asset management/7.6.0.3
- canonical/ibm maximo asset management essentials
- version/ibm maximo asset management essentials/7.5.0.0
- version/ibm maximo asset management essentials/7.5.0.1
- version/ibm maximo asset management essentials/7.5.0.2
- version/ibm maximo asset management essentials/7.5.0.3
- version/ibm maximo asset management essentials/7.5.0.4
- version/ibm maximo asset management essentials/7.5.0.5
- version/ibm maximo asset management essentials/7.5.0.6
- version/ibm maximo asset management essentials/7.5.0.7
- version/ibm maximo asset management essentials/7.5.0.8
- canonical/ibm maximo for energy optimization
- version/ibm maximo for energy optimization/7.1
- canonical/ibm maximo for government
- version/ibm maximo for government/7.1
- version/ibm maximo for government/7.5
- canonical/ibm maximo for life sciences
- version/ibm maximo for life sciences/7.1
- version/ibm maximo for life sciences/7.5
- canonical/ibm maximo for nuclear power
- version/ibm maximo for nuclear power/7.1
- version/ibm maximo for nuclear power/7.5
- canonical/ibm maximo for oil and gas
- version/ibm maximo for oil and gas/7.1
- version/ibm maximo for oil and gas/7.5
- canonical/ibm maximo for transportation
- version/ibm maximo for transportation/7.1
- version/ibm maximo for transportation/7.5
- canonical/ibm maximo for utilities
- version/ibm maximo for utilities/7.1
- version/ibm maximo for utilities/7.5
- canonical/ibm control desk
- version/ibm control desk/7.5.1.0
- version/ibm control desk/7.6
- canonical/ibm tivoli it asset management for it
- version/ibm tivoli it asset management for it/7.1
- version/ibm tivoli it asset management for it/7.2
- canonical/ibm tivoli service request manager
- version/ibm tivoli service request manager/7.1.0
- version/ibm tivoli service request manager/7.2