Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBME966318145FA85181D50A3F950D04B524FCCA533F287CB3FDFC36416FA246B02
HistoryApr 28, 2020 - 8:02 p.m.

Security Bulletin: Sensitive Information Disclosed in Logs (CVE-2019-4286)

2020-04-2820:02:53
www.ibm.com
10

0.0004 Low

EPSS

Percentile

12.6%

JSON

Summary

IBM Maximo Anywhere discloses sensitive information such as usernames, passwords, session token and other cookies in device/console logs.

Vulnerability Details

CVEID:CVE-2019-4286
**DESCRIPTION:**IBM Maximo Anywhere could disclose highly senstiive user information to an authenticated user with physical access to the device.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/160514 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Maximo Anywhere 7.6.2
IBM Maximo Anywhere 7.6.3

Remediation/Fixes

Affected Product

|

VRMF

|

Remediation / First Fix

—|—|—
IBM Maximo Anywhere| 7.6.2.x| Request LA Fix from Support.
IBM Maximo Anywhere| 7.6.3.x| Request LA Fix from Support.

Due to the threat posed by a successful attack, IBM strongly recommends that customers apply fixes as soon as possible.

Workarounds and Mitigations

None

Related

nvd 1
prion 1
cvelist 1
cve 1
nvd
nvd
CVE-2019-4286
2020-04-29 14:15:15
prion
prion
Code injection
2020-04-29 14:15:00
cvelist
cvelist
CVE-2019-4286
2020-04-28 00:00:00
cve
cve
CVE-2019-4286
2020-04-29 14:15:15

0.0004 Low

EPSS

Percentile

12.6%

JSON
Related for E966318145FA85181D50A3F950D04B524FCCA533F287CB3FDFC36416FA246B02
nvd1prion1cvelist1cve1