1. Home
  2. CVE Database
  3. CVE-2015-7487
MEDIUM · 4.1

CVE-2015-7487

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 ...

Vulnerability Description

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files.

CVSS Score

4.1

MEDIUM

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
IbmChange And Configuration Management Database7.1
IbmMaximo Asset Management7.1
IbmMaximo Asset Management Essentials7.5.0.0
IbmMaximo For Energy Optimization7.1
IbmMaximo For Government7.1
IbmMaximo For Life Sciences7.1
IbmMaximo For Nuclear Power7.1
IbmMaximo For Oil And Gas7.1
IbmMaximo For Transportation7.1
IbmMaximo For Utilities7.1
IbmSmartcloud Control Desk7.5.1.0
IbmTivoli Asset Management For It7.1
IbmTivoli Service Request Manager7.1.0

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2015-7487?

CVE-2015-7487 is a vulnerability with a CVSS score of 4.1 (MEDIUM). IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 ...

How severe is CVE-2015-7487?

CVE-2015-7487 has been rated MEDIUM with a CVSS base score of 4.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-7487?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Change And Configuration Management Database, Ibm Maximo Asset Management, Ibm Maximo Asset Management Essentials, Ibm Maximo For Energy Optimization, Ibm Maximo For Government.