Lucene search
HistoryOct 06, 2015 - 1:59 a.m.
CVE-2015-4965
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
5.6
Confidence
Low
EPSS
0.001
Percentile
34.2%
maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to obtain sensitive information by reading a (1) backup or (2) debug application file.
Affected configurations
Node
ibmchange_and_configuration_management_databaseMatch7.1
ORibmchange_and_configuration_management_databaseMatch7.2
ORibmmaximo_asset_managementMatch7.1
ORibmmaximo_asset_managementMatch7.1.1
ORibmmaximo_asset_managementMatch7.1.1.1
ORibmmaximo_asset_managementMatch7.1.1.2
ORibmmaximo_asset_managementMatch7.1.1.5
ORibmmaximo_asset_managementMatch7.1.1.6
ORibmmaximo_asset_managementMatch7.1.1.7
ORibmmaximo_asset_managementMatch7.1.1.8
ORibmmaximo_asset_managementMatch7.1.1.9
ORibmmaximo_asset_managementMatch7.1.1.10
ORibmmaximo_asset_managementMatch7.1.1.11
ORibmmaximo_asset_managementMatch7.1.1.12
ORibmmaximo_asset_managementMatch7.1.1.13
ORibmmaximo_asset_managementMatch7.5.0.0
ORibmmaximo_asset_managementMatch7.5.0.1
ORibmmaximo_asset_managementMatch7.5.0.2
ORibmmaximo_asset_managementMatch7.5.0.3
ORibmmaximo_asset_managementMatch7.5.0.4
ORibmmaximo_asset_managementMatch7.5.0.5
ORibmmaximo_asset_managementMatch7.5.0.6
ORibmmaximo_asset_managementMatch7.5.0.7
ORibmmaximo_asset_managementMatch7.5.0.8
ORibmmaximo_asset_managementMatch7.6.0.0
ORibmmaximo_asset_management_essentialsMatch7.1
ORibmmaximo_asset_management_essentialsMatch7.5
ORibmmaximo_for_energy_optimizationMatch7.1
ORibmmaximo_for_governmentMatch7.1
ORibmmaximo_for_governmentMatch7.5.0.0
ORibmmaximo_for_governmentMatch7.5.0.1
ORibmmaximo_for_governmentMatch7.5.0.2
ORibmmaximo_for_governmentMatch7.5.0.3
ORibmmaximo_for_governmentMatch7.5.0.4
ORibmmaximo_for_governmentMatch7.5.0.5
ORibmmaximo_for_governmentMatch7.5.0.6
ORibmmaximo_for_life_sciencesMatch7.1
ORibmmaximo_for_life_sciencesMatch7.5.0.0
ORibmmaximo_for_life_sciencesMatch7.5.0.1
ORibmmaximo_for_life_sciencesMatch7.5.0.2
ORibmmaximo_for_life_sciencesMatch7.5.0.3
ORibmmaximo_for_life_sciencesMatch7.5.0.4
ORibmmaximo_for_life_sciencesMatch7.5.0.5
ORibmmaximo_for_life_sciencesMatch7.5.0.6
ORibmmaximo_for_nuclear_powerMatch7.1
ORibmmaximo_for_nuclear_powerMatch7.5.0.0
ORibmmaximo_for_nuclear_powerMatch7.5.0.1
ORibmmaximo_for_nuclear_powerMatch7.5.0.2
ORibmmaximo_for_nuclear_powerMatch7.5.0.3
ORibmmaximo_for_nuclear_powerMatch7.5.0.4
ORibmmaximo_for_nuclear_powerMatch7.5.0.5
ORibmmaximo_for_nuclear_powerMatch7.5.0.6
ORibmmaximo_for_oil_and_gasMatch7.1
ORibmmaximo_for_oil_and_gasMatch7.5.0.0
ORibmmaximo_for_oil_and_gasMatch7.5.0.1
ORibmmaximo_for_oil_and_gasMatch7.5.0.2
ORibmmaximo_for_oil_and_gasMatch7.5.0.3
ORibmmaximo_for_oil_and_gasMatch7.5.0.4
ORibmmaximo_for_oil_and_gasMatch7.5.0.5
ORibmmaximo_for_oil_and_gasMatch7.5.0.6
ORibmmaximo_for_transportationMatch7.1
ORibmmaximo_for_transportationMatch7.5.0.0
ORibmmaximo_for_transportationMatch7.5.0.1
ORibmmaximo_for_transportationMatch7.5.0.2
ORibmmaximo_for_transportationMatch7.5.0.3
ORibmmaximo_for_transportationMatch7.5.0.4
ORibmmaximo_for_transportationMatch7.5.0.5
ORibmmaximo_for_transportationMatch7.5.0.6
ORibmmaximo_for_utilitiesMatch7.1
ORibmmaximo_for_utilitiesMatch7.5.0.0
ORibmmaximo_for_utilitiesMatch7.5.0.1
ORibmmaximo_for_utilitiesMatch7.5.0.2
ORibmmaximo_for_utilitiesMatch7.5.0.3
ORibmmaximo_for_utilitiesMatch7.5.0.4
ORibmmaximo_for_utilitiesMatch7.5.0.5
ORibmmaximo_for_utilitiesMatch7.5.0.6
ORibmsmartcloud_control_deskMatch7.5
ORibmtivoli_asset_management_for_itMatch7.1
ORibmtivoli_asset_management_for_itMatch7.2
ORibmtivoli_service_request_managerMatch7.1.0
ORibmtivoli_service_request_managerMatch7.2.0.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | change_and_configuration_management_database | 7.1 | cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:* |
| ibm | change_and_configuration_management_database | 7.2 | cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:* |
| ibm | maximo_asset_management | 7.1 | cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:* |
| ibm | maximo_asset_management | 7.1.1 | cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:* |
| ibm | maximo_asset_management | 7.1.1.1 | cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:* |
| ibm | maximo_asset_management | 7.1.1.2 | cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:* |
| ibm | maximo_asset_management | 7.1.1.5 | cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:* |
| ibm | maximo_asset_management | 7.1.1.6 | cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:* |
| ibm | maximo_asset_management | 7.1.1.7 | cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:* |
| ibm | maximo_asset_management | 7.1.1.8 | cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2015-4965
2015-10-05 10:00:00
ibm
ibm
prion
prion
Code injection
2015-10-06 01:59:00
cve
cve
CVE-2015-4965
2015-10-06 01:59:11
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
5.6
Confidence
Low
EPSS
0.001
Percentile
34.2%
Related for NVD:CVE-2015-4965