2 matches found
Security Bulletin: IBM Maximo Asset Management could allow an authenticated user to view work logs during purchase orders that they should not have access to (CVE-2016-0222)
Summary IBM Maximo Asset Management could allow an authenticated user to view work logs during purchase orders that they should not have access to. Vulnerability Details CVEID: CVE-2016-0222 DESCRIPTION: IBM Maximo Asset Management could allow an authenticated user to view work logs during purcha...
CVE-2016-0222
IBM Maximo Asset Management 7.6 is affected by CVE-2016-0222; versions prior to 7.6.0.3 IFIX001 allow an authenticated remote user to bypass access controls and read arbitrary purchase-order work logs via unspecified vectors. The IBM advisory recommends applying the corresponding Fix Central inte...