Mar 09, 2023 - 4:17 p.m.

Security Bulletin: IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to incorrect default permissions (CVE-2022-46774)

2023-03-09 16:17:52
www.ibm.com

CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.0005 Low
Percentile: 18.2%

Summary

Security Bulletin: IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to incorrect default permissions.

Vulnerability Details

CVEID: CVE-2022-46774
**DESCRIPTION:** IBM Manage Application in the IBM Maximo Application Suite is vulnerable to incorrect default permissions, which could give a user access to actions that they should not have access to.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/242953 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

Product versions affected:

| Affected Product(s) | Version(s) |
| --- | --- |
| Maximo Manage Application in IBM Maximo Application Suite | MAS 8.8-Manage 8.4 |
| Maximo Manage Application in IBM Maximo Application Suite | MAS 8.8-Manage 8.5 |

Remediation/Fixes

See Workarounds and Mitigations

Workarounds and Mitigations

In Manage 8.4:

Before proceeding, ensure that security is configured for all object structures. After the following change is implemented, no access is permitted except through explicitly defined security.
1. Go to the System Properties application and locate the property mxe.int.enableosauth.
2. Set the value for that property to 1 and save.
3. Live refresh the property value.

In Manage 8.5:

No manual steps are required. The property is set securely and cannot be changed in the System Properties application.

Affected configurations

| Vendor | Product | Match |
| --- | --- | --- |
| ibm | maximo_application_suite | 8.8.0 |
| ibm | maximo_application_suite | 8.9.0 |
