Lucene search

K
ibmIBM08A29F46834AFA86A6AA4DC93AF4EFD8AE25757E46E0D8369F58AB4F578B9B87
HistorySep 25, 2022 - 9:06 p.m.

Security Bulletin: Security Vulnerabilities Addressed in Asset and Service Mgmt

2022-09-2521:06:56
www.ibm.com
8
maximo asset management
tivoli asset management for it
tivoli service request manager
change and configuration management database
smartcloud control desk
vulnerability
confidentiality
integrity
availability
xss
gain privileges
sql injection
information disclosure
security bypass

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.009

Percentile

83.1%

Abstract

XSS, Gain Privileges, SQL Injection, and Information Disclosure vulnerabilities in Maximo Asset Mgmt, Tivoli Asset Mgmt for IT, Tivoli Service Request Mgr, Change and Configuration Mgmt Database, and SmartCloud Control Desk. See Vulnerability Details for CVE IDs.

Content

VULNERABILITY DETAILS:

DESCRIPTION:
Customers who have Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions (including Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities), Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, Change and Configuration Management Database, and SmartCloud Control Desk are potentially impacted by these vulnerabilities, which can cause issues related to confidentiality, integrity, and availability.

CVE ID APAR DESCRIPTION
CVE-2013-0451
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/80967&gt;
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P IV24726 SQL Injection
CVE-2013-3047
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/84844&gt;
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N IV35721 Gain Privileges
CVE-2013-3048
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/84845&gt;
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N IV36375 Cross-site Scripting
CVE-2013-3049
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/84847&gt;
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N IV37599 Security Bypass
CVE-2012-3323
CVSS Base Score: 6.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/77920&gt;
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P IV23506 Gain Privileges
CVE-2013-3971
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/84848&gt;
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N IV37459 Security Bypass
CVE-2013-3972
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/84849&gt;
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N IV39089 Information Disclosure
CVE-2013-3973
CVSS Base Score: 6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/84850&gt;
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P IV39184 SQL Injection
CVE-2013-4013
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/85791&gt;
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N IV39202 Information Disclosure
CVE-2013-4014
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/85792&gt;
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N IV39515 Cross-site Scripting
CVE-2013-4017
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/85794&gt;
CVSS Environmental Score*: Undefined
CVSS Vector: AV/N:AC/L:Au/S:C/P:I/P:A/P IV42682 SQL Injection
CVE-2013-4018
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/85795&gt;
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N IV42684 Information Disclosure
CVE-2013-4019
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/85796&gt;
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N IV42664 Cross-site Scripting
CVE-2013-4020
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/85825&gt;
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N IV42775 Security Bypass
CVE-2013-4021
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/85826&gt;
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N IV42816 File Inclusion
CVE-2013-4027
CVSS Base Score: 4.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/86064&gt;
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N IV43491 Security Bypass
CVE-2013-5380
CVSS Base Score: 1.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/86931&gt;
CVSS Environmental Score*: Undefined
CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N IV33364 Information Disclosure
CVE-2013-5381
CVSS Base Score: 4.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/86932&gt;
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N IV35394 Gain Privileges
CVE-2013-5382
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/86933&gt;
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N IV40210 Gain Privileges
CVE-2013-5383
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/86934&gt;
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N IV40704 Gain Privileges
CVE-2013-5395
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/87157&gt;
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N IV32526 Security Bypass

AFFECTED PRODUCTS:
· Maximo Asset Management 7.5, 7.1, 6.2
· Maximo Asset Management Essentials 7.5, 7.1, 6.2
· Maximo for Government 7.5, 7.1, 6.2
· Maximo for Nuclear Power 7.5, 7.1, 6.2, 6.3
· Maximo for Transportation 7.5, 7.1, 6.2, 6.3
· Maximo for Life Sciences 7.5, 7.1, 6.2, 6.4, 6.5
· Maximo for Oil and Gas 7.5, 7.1, 6.2, 6.3, 6.4
· Maximo for Utilities 7.5, 7.1, 6.2, 6.3
· SmartCloud Control Desk 7.5
· Tivoli Asset Management for IT 7.2, 7.1, 6.2
· Tivoli Service Request Manager 7.2, 7.1, Maximo Service Desk 6.2
· Change and Configuration Management Database 7.2, 7.1

|

Products Listed Above

—|—
CVE|APAR|7.5|7.1 / 7.2|6.2
CVE-2013-0451| IV24726| N/A| Fix pending| Fix pending
CVE-2013-3047| IV35721| Fixed| Fixed| N/A
CVE-2013-3048| IV36375| Fixed| Fix pending| Fix pending
CVE-2013-3049| IV37599| Fixed| Fix pending| N/A
CVE-2012-3323| IV23506| Fixed| Fixed| Fixed
CVE-2013-3971| IV37459| Fixed| Fix pending| N/A
CVE-2013-3972| IV39089| Fixed| Fixed| N/A
CVE-2013-3973| IV39184| Fixed| Fixed| N/A
CVE-2013-4013| IV39202| Fixed| Fix pending| Fix pending
CVE-2013-4014| IV39515| Fixed| Fixed| Fix pending
CVE-2013-4017| IV42682| N/A| Fixed| N/A
CVE-2013-4018| IV42684| Fixed| Fixed| Fix pending
CVE-2013-4019| IV42664| N/A| Fixed| Fix pending
CVE-2013-4020| IV42775| Fixed| Fix pending| Fix pending
CVE-2013-4021| IV42816| Fixed| Fixed| Fix pending
CVE-2013-4027| IV43491| Fixed| Fix pending| Fix pending
CVE-2013-5380| IV33364| Fixed| Fixed| Fix pending
CVE-2013-5381| IV35394| Fixed| Fix pending| Fix pending
CVE-2013-5382| IV40210| Fixed| Fixed| Fix pending
CVE-2013-5383| IV40704| Fixed| Fixed| Fix pending
CVE-2013-5395| IV32526| Fixed| Fixed| Fix pending
N/A in this table means that the vulnerability does not exist in that release

It is likely that earlier versions of affected products are also affected by these vulnerabilities. Remediation is not provided for product versions that are no longer supported. IBM recommends that customers upgrade to the latest supported version of products in order to obtain remediation for the vulnerabilities.

REMEDIATION:

_VENDOR FIXES: _
The recommended solution is to download the appropriate Interim Fix or Fix Pack from Fix Central (What is Fix Central?) and apply for each affected product as soon as possible. Please see below for information on the fixes available for each product, version, and release. Follow the installation instructions in the ‘readme’ documentation provided with each fix pack or interim fix.

**For Maximo Asset Management and Maximo Asset Management Essentials 7.5, 7.1, 6.2:**VRMF Fix Pack or Interim Fix Vulnerability APARs **Download **
7.5.0.5 Maximo 7.5.0.5 Fix Pack:
7.5.0.5-TIV-MAM-FP005 IV35721, IV36375, IV37599, IV23506, IV37459, IV39089, IV39184, IV39202, IV39515, IV42684, IV42775, IV42816, IV43491, IV33364, IV40210, IV40704, IV32526 FixCentral
7.5.0.4 Maximo 7.5.0.4 Fix Pack:
7.5.0.4-TIV-MAM-IFIX005 or latest Interim Fix available IV23506 FixCentral
7.5.0.3 Maximo 7.5.0.3 Interim Fix:
7.5.0.3-TIV-MAM-IFIX006 or latest Interim Fix available IV36375, IV23506, IV42775, IV35394 FixCentral
7.5.0.2 Maximo 7.5.0.2 Interim Fix:
7.5.0.2-TIV-MAM-IFIX023 or latest Interim Fix available IV39202 FixCentral
7.1.1.12 7.1.1.12 Interim Fix:
MBS_71112_LAFIX.20130903-1142 or latest Interim Fix available IV35721, IV23506, IV39089, IV33364, IV32526 Contact IBM Support
6.2.8 6.2.8 Interim Fix:
Maximo_6.2.8_LAFix_20120725-1611 or latest Interim Fix available
Note: Maximo 6.2 IFs can be applied to Maximo Industry Solutions 6.2 – 6.5 IV35721, IV23506 Contact IBM Support
**For SmartCloud Control Desk 7.5:**VRMF Fix Pack or Interim Fix Vulnerability APARs **Download **
7.5.0.3 SmartCloud Control Desk 7.5.0.3 Fix Pack:
7.5.0.3-TIV-SCCD-AIX-FP0003
7.5.0.3-TIV-SCCD-Linux-FP0003
7.5.0.3-TIV-SCCD-Windows-FP0003 IV35721, IV36375, IV37599, IV23506, IV37459, IV39089, IV39184, IV39202, IV39515, IV42684, IV42775, IV42816, IV43491, IV33364, IV40210, IV40704, IV32526 FixCentral
when available
7.5.1.1 SmartCloud Control Desk 7.5.1.1 Release IV35721, IV36375, IV37599, IV23506, IV37459, IV39089, IV39184, IV39202, IV39515, IV42684, IV42775, IV42816, IV43491, IV33364, IV40210, IV40704, IV32526 Passport Advantage
For Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database 7.2, 7.1, 6.2****VRMF Fix Pack or Interim Fix Vulnerability APARs **Download **
7.1.1.12 7.1.1.12 Interim Fix:
MBS_71112_LAFIX.20130903-1142 or latest Interim Fix available
Note: MBS 7.1 IFs can be applied to 7.1 or 7.2 IV35721, IV23506, IV39089, IV33364, IV32526 Contact IBM Support
6.2.8 6.2.8 Interim Fix:
Maximo_6.2.8_LAFix_20120725-1611 or latest Interim Fix available IV35721, IV23506 Contact IBM Support

If assistance is needed in determining the appropriate Fix Pack or Interim Fix level, contact IBM Technical Support. It is recommended that you always request the latest available Fix Pack or Interim Fix.

Due to the threat posed by a successful attack, IBM strongly recommends that customers apply fixes as soon as possible.

WORKAROUNDS AND MITIGATIONS:
Until you apply the fixes, it may be possible to reduce the risk of successful attack by restricting network protocols required by an attack. For attacks that require certain privileges or access to certain packages, removing the privileges or the ability to access the packages from unprivileged users may help reduce the risk of successful attack. Both approaches may break application functionality, so IBM strongly recommends that customers test changes on non-production systems. Neither approach should be considered a long-term solution as neither corrects the underlying problem.

REFERENCES:
Complete CVSS Guide
On-line Calculator V2

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash. _
**

Note: _**According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an “industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” IBM PROVIDES THE CVSS SCORES “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

RELATED INFORMATION:

ACKNOWLEDGEMENTS:
None

Change History

25 Sep 2013| Flash published

**CROSS REFERENCE INFORMATION:**Segment Product Component/Platform Version
Systems and Asset Management Maximo Asset Management All 6.2.0 – 6.2.8
7.1.1.0 – 7.1.1.11
7.5.0.0 – 7.5.0.5
Systems and Asset Management Maximo Asset Management Essentials All 7.1.1.0 – 7.1.1.11
7.5.0.0 – 7.5.0.5
Systems and Asset Management Maximo for Government All 6.1.0.0
7.1.0.0
7.5.0.0
Systems and Asset Management Maximo for Nuclear Power All 6.3.0
7.1.0.0 – 7.1.1.0
7.5.0.0 – 7.5.1.0
Systems and Asset Management Maximo for Transportation All 6.3.0
7.1.0.0 – 7.1.1.0
7.5.0.0 – 7.5.1.0
Systems and Asset Management Maximo for Life Sciences All 6.4.0 – 6.5.0
7.1.0.0 – 7.1.2.0
7.5.0.0
Systems and Asset Management Maximo for Oil and Gas All 6.3.0 – 6.4.0
7.1.0.0 – 7.1.2.0
7.5.0.0 – 7.5.1.0
Systems and Asset Management Maximo for Utilities All 6.3.0
7.1.0.0 – 7.1.2.0
7.5.0.0 – 7.5.0.1
Systems and Asset Management Tivoli Service Request Manager

Maximo Service Desk| All| 7.1.0.0 – 7.1.1.11
7.2.0.0 – 7.2.1.4
6.2.0 – 6.2.8
Systems and Asset Management| Tivoli Asset Management for IT | All| 6.2.0 – 6.2.8
7.1.0.0 – 7.1.1.11
7.2.0.0 – 7.2.2.1
Systems and Asset Management| Change and Configuration Management Database| All| 7.1.0.0 – 7.1.1.11
7.2.0.0 – 7.2.1.3
Systems and Asset Management| SmartCloud Control Desk| All| 7.5.0.0 – 7.5.0.3
7.5.1.0 – 7.5.1.1

[{“Product”:{“code”:“SSLKT6”,“label”:“IBM Maximo Asset Management”},“Business Unit”:{“code”:“BU059”,“label”:“IBM Software w/o TPS”},“Component”:“–”,“Platform”:[{“code”:“PF025”,“label”:“Platform Independent”}],“Version”:“6.2;6.2.1;6.2.2;6.2.3;6.2.4;6.2.5;6.2.6;6.2.7;6.2.8;7.1;7.1.1;7.1.2;7.2;7.2.1;7.5”,“Edition”:“”,“Line of Business”:{“code”:“LOB59”,“label”:“Sustainability Software”}},{“Product”:{“code”:“SSWK4A”,“label”:“Maximo Asset Management Essentials”},“Business Unit”:{“code”:“BU055”,“label”:“Cognitive Applications”},“Component”:" “,“Platform”:[{“code”:”“,“label”:”“}],“Version”:”“,“Edition”:”“,“Line of Business”:{“code”:“LOB59”,“label”:“Sustainability Software”}},{“Product”:{“code”:“SSMQTP”,“label”:“Maximo for Government”},“Business Unit”:{“code”:“BU055”,“label”:“Cognitive Applications”},“Component”:” “,“Platform”:[{“code”:”“,“label”:”“}],“Version”:”“,“Edition”:”“,“Line of Business”:{“code”:“LOB59”,“label”:“Sustainability Software”}},{“Product”:{“code”:“SSLL8M”,“label”:“Maximo for Nuclear Power”},“Business Unit”:{“code”:“BU059”,“label”:“IBM Software w/o TPS”},“Component”:” “,“Platform”:[{“code”:”“,“label”:”“}],“Version”:”“,“Edition”:”“,“Line of Business”:{“code”:“LOB59”,“label”:“Sustainability Software”}},{“Product”:{“code”:“SSLL9Z”,“label”:“Maximo for Transportation”},“Business Unit”:{“code”:“BU059”,“label”:“IBM Software w/o TPS”},“Component”:” “,“Platform”:[{“code”:”“,“label”:”“}],“Version”:”“,“Edition”:”“,“Line of Business”:{“code”:“LOB59”,“label”:“Sustainability Software”}},{“Product”:{“code”:“SSLL84”,“label”:“Maximo for Life Sciences”},“Business Unit”:{“code”:“BU059”,“label”:“IBM Software w/o TPS”},“Component”:” “,“Platform”:[{“code”:”“,“label”:”“}],“Version”:”“,“Edition”:”“,“Line of Business”:{“code”:“LOB59”,“label”:“Sustainability Software”}},{“Product”:{“code”:“SSLL9G”,“label”:“Maximo for Oil and Gas”},“Business Unit”:{“code”:“BU059”,“label”:“IBM Software w/o TPS”},“Component”:” “,“Platform”:[{“code”:”“,“label”:”“}],“Version”:”“,“Edition”:”“,“Line of Business”:{“code”:“LOB59”,“label”:“Sustainability Software”}},{“Product”:{“code”:“SSLLAM”,“label”:“Maximo for Utilities”},“Business Unit”:{“code”:“BU059”,“label”:“IBM Software w/o TPS”},“Component”:” “,“Platform”:[{“code”:”“,“label”:”“}],“Version”:”“,“Edition”:”“,“Line of Business”:{“code”:“LOB59”,“label”:“Sustainability Software”}},{“Product”:{“code”:“SS6HJK”,“label”:“Tivoli Service Request Manager”},“Business Unit”:{“code”:“BU059”,“label”:“IBM Software w/o TPS”},“Component”:” “,“Platform”:[{“code”:”“,“label”:”“}],“Version”:”“,“Edition”:”“,“Line of Business”:{“code”:“LOB59”,“label”:“Sustainability Software”}},{“Product”:{“code”:“SSLKTY”,“label”:“Maximo Asset Management for IT”},“Business Unit”:{“code”:“BU053”,“label”:“Cloud \u0026 Data Platform”},“Component”:” “,“Platform”:[{“code”:”“,“label”:”“}],“Version”:”“,“Edition”:”“,“Line of Business”:{“code”:“LOB59”,“label”:“Sustainability Software”}},{“Product”:{“code”:“SSKTXT”,“label”:“Tivoli Change and Configuration Management Database”},“Business Unit”:{“code”:“BU059”,“label”:“IBM Software w/o TPS”},“Component”:” “,“Platform”:[{“code”:”“,“label”:”“}],“Version”:”“,“Edition”:”“,“Line of Business”:{“code”:“LOB59”,“label”:“Sustainability Software”}},{“Product”:{“code”:“SSWT9A”,“label”:“IBM Control Desk”},“Business Unit”:{“code”:“BU059”,“label”:“IBM Software w/o TPS”},“Component”:” “,“Platform”:[{“code”:”“,“label”:”“}],“Version”:”“,“Edition”:”",“Line of Business”:{“code”:“LOB59”,“label”:“Sustainability Software”}}]

Affected configurations

Vulners
Node
ibmmaximo_asset_managementMatch6.2
OR
ibmmaximo_asset_managementMatch6.2.1
OR
ibmmaximo_asset_managementMatch6.2.2
OR
ibmmaximo_asset_managementMatch6.2.3
OR
ibmmaximo_asset_managementMatch6.2.4
OR
ibmmaximo_asset_managementMatch6.2.5
OR
ibmmaximo_asset_managementMatch6.2.6
OR
ibmmaximo_asset_managementMatch6.2.7
OR
ibmmaximo_asset_managementMatch6.2.8
OR
ibmmaximo_asset_managementMatch7.1
OR
ibmmaximo_asset_managementMatch7.1.1
OR
ibmmaximo_asset_managementMatch7.1.2
OR
ibmmaximo_asset_managementMatch7.2
OR
ibmmaximo_asset_managementMatch7.2.1
OR
ibmmaximo_asset_managementMatch7.5
OR
ibmmaximo_asset_management_essentialsMatchany
OR
ibmmaximo_for_governmentMatchany
OR
ibmmaximo_for_nuclear_powerMatchany
OR
ibmmaximo_for_transportationMatchany
OR
ibmmaximo_for_life_sciencesMatchany
OR
ibmmaximo_for_oil_and_gasMatchany
OR
ibmmaximo_for_utilitiesMatchany
OR
ibmtivoli_service_request_managerMatchany
OR
ibmmaximo_asset_managementMatchany
OR
ibmtivoli_change_and_configuration_management_databaseMatchany
OR
ibmcontrol_deskMatchany

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.009

Percentile

83.1%

Related for 08A29F46834AFA86A6AA4DC93AF4EFD8AE25757E46E0D8369F58AB4F578B9B87