Vulnerability: Authentication Bypass via Expired Password in IBM Maximo Asset Management and related products

Vulnerability: Authentication Bypass via Expired Password in IBM Maximo Asset Management and related products

CVE-2015-5017 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:N

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password.

Learn more about our Cloud Audit.