CVE-2015-5016

Published Mar 27, 2018

Last updated 7 years ago

CVSS medium 4.3

Overview

Description: IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460.
Source: psirt@us.ibm.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925"
          },
          {
            "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9"
          },
          {
            "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B"
          },
          {
            "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3"
          },
          {
            "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E"
          },
          {
            "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57"
          },
          {
            "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE"
          },
          {
            "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7759191C-5D16-4937-BC80-5A47FE4F9DD1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED"
          },
          {
            "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02"
          },
          {
            "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD"
          },
          {
            "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD"
          },
          {
            "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:control_desk:7.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33E903B1-43FE-4120-95E1-2108B630D49B"
          },
          {
            "criteria": "cpe:2.3:a:ibm:control_desk:7.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6282F8E2-9EFD-4CBE-8732-22659413B149"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD"
          },
          {
            "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References