Lucene search

[email protected]CVE-2015-1934

HistoryOct 04, 2015 - 2:59 a.m.

CVE-2015-1934

2015-10-0402:59:01

CWE-310

[email protected]

web.nvd.nist.gov

ibm

maximo asset management

cve-2015-1934

security

password encryption

vulnerability

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.2%

JSON

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file.

Affected configurations

NVD

Node

ibmchange_and_configuration_management_databaseMatch7.1

ibmchange_and_configuration_management_databaseMatch7.2

ibmmaximo_asset_managementMatch7.1

ibmmaximo_asset_managementMatch7.1.1

ibmmaximo_asset_managementMatch7.1.1.1

ibmmaximo_asset_managementMatch7.1.1.2

ibmmaximo_asset_managementMatch7.1.1.5

ibmmaximo_asset_managementMatch7.1.1.6

ibmmaximo_asset_managementMatch7.1.1.7

ibmmaximo_asset_managementMatch7.1.1.8

ibmmaximo_asset_managementMatch7.1.1.9

ibmmaximo_asset_managementMatch7.1.1.10

ibmmaximo_asset_managementMatch7.1.1.11

ibmmaximo_asset_managementMatch7.1.1.12

ibmmaximo_asset_managementMatch7.1.1.13

ibmmaximo_asset_managementMatch7.5.0.0

ibmmaximo_asset_managementMatch7.5.0.1

ibmmaximo_asset_managementMatch7.5.0.2

ibmmaximo_asset_managementMatch7.5.0.3

ibmmaximo_asset_managementMatch7.5.0.4

ibmmaximo_asset_managementMatch7.5.0.5

ibmmaximo_asset_managementMatch7.5.0.6

ibmmaximo_asset_managementMatch7.5.0.7

ibmmaximo_asset_managementMatch7.5.0.8

ibmmaximo_asset_managementMatch7.6.0.0

ibmmaximo_asset_management_essentialsMatch7.1

ibmmaximo_asset_management_essentialsMatch7.5

ibmmaximo_for_energy_optimizationMatch7.1

ibmmaximo_for_governmentMatch7.1

ibmmaximo_for_governmentMatch7.5.0.0

ibmmaximo_for_governmentMatch7.5.0.1

ibmmaximo_for_governmentMatch7.5.0.2

ibmmaximo_for_governmentMatch7.5.0.3

ibmmaximo_for_governmentMatch7.5.0.4

ibmmaximo_for_governmentMatch7.5.0.5

ibmmaximo_for_governmentMatch7.5.0.6

ibmmaximo_for_life_sciencesMatch7.1

ibmmaximo_for_life_sciencesMatch7.5.0.0

ibmmaximo_for_life_sciencesMatch7.5.0.1

ibmmaximo_for_life_sciencesMatch7.5.0.2

ibmmaximo_for_life_sciencesMatch7.5.0.3

ibmmaximo_for_life_sciencesMatch7.5.0.4

ibmmaximo_for_life_sciencesMatch7.5.0.5

ibmmaximo_for_life_sciencesMatch7.5.0.6

ibmmaximo_for_nuclear_powerMatch7.1

ibmmaximo_for_nuclear_powerMatch7.5.0.0

ibmmaximo_for_nuclear_powerMatch7.5.0.1

ibmmaximo_for_nuclear_powerMatch7.5.0.2

ibmmaximo_for_nuclear_powerMatch7.5.0.3

ibmmaximo_for_nuclear_powerMatch7.5.0.4

ibmmaximo_for_nuclear_powerMatch7.5.0.5

ibmmaximo_for_nuclear_powerMatch7.5.0.6

ibmmaximo_for_oil_and_gasMatch7.1

ibmmaximo_for_oil_and_gasMatch7.5.0.0

ibmmaximo_for_oil_and_gasMatch7.5.0.1

ibmmaximo_for_oil_and_gasMatch7.5.0.2

ibmmaximo_for_oil_and_gasMatch7.5.0.3

ibmmaximo_for_oil_and_gasMatch7.5.0.4

ibmmaximo_for_oil_and_gasMatch7.5.0.5

ibmmaximo_for_oil_and_gasMatch7.5.0.6

ibmmaximo_for_transportationMatch7.1

ibmmaximo_for_transportationMatch7.5.0.0

ibmmaximo_for_transportationMatch7.5.0.1

ibmmaximo_for_transportationMatch7.5.0.2

ibmmaximo_for_transportationMatch7.5.0.3

ibmmaximo_for_transportationMatch7.5.0.4

ibmmaximo_for_transportationMatch7.5.0.5

ibmmaximo_for_transportationMatch7.5.0.6

ibmmaximo_for_utilitiesMatch7.1

ibmmaximo_for_utilitiesMatch7.5.0.0

ibmmaximo_for_utilitiesMatch7.5.0.1

ibmmaximo_for_utilitiesMatch7.5.0.2

ibmmaximo_for_utilitiesMatch7.5.0.3

ibmmaximo_for_utilitiesMatch7.5.0.4

ibmmaximo_for_utilitiesMatch7.5.0.5

ibmmaximo_for_utilitiesMatch7.5.0.6

ibmsmartcloud_control_deskMatch7.5

ibmtivoli_asset_management_for_itMatch7.1

ibmtivoli_asset_management_for_itMatch7.2

ibmtivoli_service_request_managerMatch7.1.0

ibmtivoli_service_request_managerMatch7.2.0.0

CPENameOperatorVersion
ibm:change_and_configuration_management_databaseibm change and configuration management databaseeq7.1
ibm:change_and_configuration_management_databaseibm change and configuration management databaseeq7.2
ibm:maximo_asset_managementibm maximo asset managementeq7.1
ibm:maximo_asset_managementibm maximo asset managementeq7.1.1
ibm:maximo_asset_managementibm maximo asset managementeq7.1.1.1
ibm:maximo_asset_managementibm maximo asset managementeq7.1.1.2
ibm:maximo_asset_managementibm maximo asset managementeq7.1.1.5
ibm:maximo_asset_managementibm maximo asset managementeq7.1.1.6
ibm:maximo_asset_managementibm maximo asset managementeq7.1.1.7
ibm:maximo_asset_managementibm maximo asset managementeq7.1.1.8

CPE	Name	Operator	Version
ibm:change_and_configuration_management_database	ibm change and configuration management database	eq	7.1
ibm:change_and_configuration_management_database	ibm change and configuration management database	eq	7.2
ibm:maximo_asset_management	ibm maximo asset management	eq	7.1
ibm:maximo_asset_management	ibm maximo asset management	eq	7.1.1
ibm:maximo_asset_management	ibm maximo asset management	eq	7.1.1.1
ibm:maximo_asset_management	ibm maximo asset management	eq	7.1.1.2
ibm:maximo_asset_management	ibm maximo asset management	eq	7.1.1.5
ibm:maximo_asset_management	ibm maximo asset management	eq	7.1.1.6
ibm:maximo_asset_management	ibm maximo asset management	eq	7.1.1.7
ibm:maximo_asset_management	ibm maximo asset management	eq	7.1.1.8