1. Home
  2. CVE Database
  3. CVE-2015-5017
MEDIUM · 5.4

CVE-2015-5017

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 ...

Vulnerability Description

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password.

CVSS Score

5.4

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
IbmChange And Configuration Management Database7.1
IbmMaximo Asset Management7.1
IbmMaximo Asset Management Essentials7.1
IbmMaximo For Energy Optimization7.1
IbmMaximo For Government7.1
IbmMaximo For Life Sciences7.1
IbmMaximo For Nuclear Power7.1
IbmMaximo For Oil And Gas7.1
IbmMaximo For Transportation7.1
IbmMaximo For Utilities7.1
IbmSmartcloud Control Desk7.5
IbmTivoli Asset Management For It7.1
IbmTivoli Service Request Manager7.1

Related Weaknesses (CWE)

CWE-284

References

FAQ

What is CVE-2015-5017?

CVE-2015-5017 is a vulnerability with a CVSS score of 5.4 (MEDIUM). IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 ...

How severe is CVE-2015-5017?

CVE-2015-5017 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-5017?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Change And Configuration Management Database, Ibm Maximo Asset Management, Ibm Maximo Asset Management Essentials, Ibm Maximo For Energy Optimization, Ibm Maximo For Government.