Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM7F8D2CF4F6A3DBFFCDB4DBE155E228B4735E242D6C0C06307788501497A09A69
HistoryFeb 15, 2022 - 3:40 p.m.

Security Bulletin: IBM Maximo Anywhere Discloses Sensitive Information in Local Storage

2022-02-1515:40:39
www.ibm.com
5

0.001 Low

EPSS

Percentile

19.5%

JSON

Summary

IBM Maximo Anywhere application stores the username in local storage as directory names to store user specific attachments.

Vulnerability Details

CVEID:CVE-2019-4351
**DESCRIPTION:**IBM Maximo Anywhere applications could disclose sensitive information to a user with physical access to the device.
CVSS Base score: 2.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/161493 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Maximo Anywhere IBM Maximo Anywhere 7.6.4

Remediation/Fixes

See Workarounds and Mitigations Section

Workarounds and Mitigations

Ensure the following mobile device security configurations are implemented to prevent exploitation of this vulnerability: password protection, device encryption, and having company devices running on an MDM so the end users do not access to the device file system.

CPENameOperatorVersion
maximo anywhereeq7.6.4.0

Related

prion 1
cve 1
cnvd 1
nvd 1
cvelist 1
prion
prion
Design/Logic Flaw
2022-02-16 17:15:00
cve
cve
CVE-2019-4351
2022-02-16 17:15:09
cnvd
cnvd
IBM Maximo Anywhere Information Disclosure Vulnerability (CNVD-2022-56488)
2022-02-18 00:00:00
nvd
nvd
CVE-2019-4351
2022-02-16 17:15:09
cvelist
cvelist
CVE-2019-4351
2022-02-15 00:00:00

0.001 Low

EPSS

Percentile

19.5%

JSON
Related for 7F8D2CF4F6A3DBFFCDB4DBE155E228B4735E242D6C0C06307788501497A09A69
prion1cve1cnvd1nvd1cvelist1