CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
18.0%
Security Bulletin: IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to incorrect default permissions.
CVEID:CVE-2022-46774
**DESCRIPTION:**IBM Manage Application in the IBM Maximo Applicaiton Suite is vulnerable to incorrect default permissions which could give access to a user to actions that they should not have access to.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/242953 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
Product versions affected:
Affected Product(s) | Version(s) |
---|---|
Maximo Manage Application in IBM Maximo Application Suite | MAS 8.8-Manage 8.4 |
Maximo Manage Application in IBM Maximo Application Suite | MAS 8.8-Manage 8.5 |
See Workarounds and Mitigations
In Manage 8.4:
Before proceeding, ensure that security is configured for all object structures. After the following change is implemented, no access is permitted except through explicitly defined security.
1. Go to the System Properties application and locate the property mxe.int.enableosauth.
2. Set the value for that property to 1 and save.
3. Live refresh the property value.
In Manage 8.5:
No manual steps are required. The property is set securely and cannot be changed in the System Properties application.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | maximo_application_suite | 8.8.0 | cpe:2.3:a:ibm:maximo_application_suite:8.8.0:*:*:*:*:*:*:* |
ibm | maximo_application_suite | 8.9.0 | cpe:2.3:a:ibm:maximo_application_suite:8.9.0:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
18.0%