IBM Maximo Anywhere CVE-2019-4265 Information Disclosure Vulnerability

Description

IBM Maximo Anywhere is prone to an information-disclosure vulnerability. Attackers can exploit this issue to view sensitive information. Information obtained may lead to further attacks. IBM Maximo Anywhere versions 7.6.0, 7.6.1, 7.6.2, and 7.6.3 are vulnerable.

Technologies Affected

• IBM Maximo Anywhere 7.6.0.0
• IBM Maximo Anywhere 7.6.1.0
• IBM Maximo Anywhere 7.6.2.0
• IBM Maximo Anywhere 7.6.3.0

Recommendations

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
To exploit this vulnerability, an attacker requires local interactive access to an affected computer. Grant local access for trusted and accountable users only.

Block external access at the network boundary, unless external parties require service.
Filter access to the affected computer at the network boundary if global access isn’t needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.

Updates are available. Please see the references or vendor advisory for more information.