Design/Logic Flaw

2018-03-2717:29:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

32.3%

JSON

IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460.

CPENameOperatorVersion
change_and_configuration_management_databaseeq7.1
change_and_configuration_management_databaseeq7.2
control_deskeq7.5
control_deskeq7.6
maximo_asset_managementeq7.5
maximo_asset_managementeq7.1
maximo_asset_managementeq7.6
maximo_asset_management_essentialseq7.5
maximo_asset_management_essentialseq7.1
maximo_for_aviationeq7.6

Name	Operator	Version
change_and_configuration_management_database	eq	7.1
change_and_configuration_management_database	eq	7.2
control_desk	eq	7.5
control_desk	eq	7.6
maximo_asset_management	eq	7.5
maximo_asset_management	eq	7.1
maximo_asset_management	eq	7.6
maximo_asset_management_essentials	eq	7.5
maximo_asset_management_essentials	eq	7.1
maximo_for_aviation	eq	7.6