IBM Maximo Anywhere is prone to an information-disclosure vulnerability. Attackers can exploit this issue to view sensitive information. Information obtained may lead to further attacks. IBM Maximo Anywhere versions 7.6.0, 7.6.1, 7.6.2, and 7.6.3 are vulnerable.
Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
To exploit this vulnerability, an attacker requires local interactive access to an affected computer. Grant local access for trusted and accountable users only.
Block external access at the network boundary, unless external parties require service.
Filter access to the affected computer at the network boundary if global access isn’t needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.
Updates are available. Please see the references or vendor advisory for more information.
CPE | Name | Operator | Version |
---|---|---|---|
ibm maximo anywhere | eq | 7.6.1.0 | |
ibm maximo anywhere | eq | 7.6.0.0 | |
ibm maximo anywhere | eq | 7.6.2.0 | |
ibm maximo anywhere | eq | 7.6.3.0 |