Vulnerability Name: | CVE-2016-0289 (CCN-111298) | ||||||||||||
Assigned: | 2015-12-08 | ||||||||||||
Published: | 2016-03-22 | ||||||||||||
Updated: | 2016-04-06 | ||||||||||||
Summary: | shiprec.xml in the SHIPREC application in IBM Maximo Asset Management 7.1 and 7.5 before 7.5.0.10 and 7.6 before 7.6.0.4 allows remote authenticated users to bypass intended item-selection restrictions via unspecified vectors. | ||||||||||||
CVSS v3 Severity: | 4.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) 3.8 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
| ||||||||||||
Vulnerability Type: | CWE-284 | ||||||||||||
Vulnerability Consequences: | Bypass Security | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2016-0289 Source: CONFIRM Type: Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21979519 Source: CCN Type: IBM Security Bulletin 1979519 (Maximo Asset Management) IBM Maximo Asset Management could allow an authenticated user to select items within the system that they should not have permission to do so (CVE-2016-0289) Source: XF Type: UNKNOWN ibm-maximo-cve20160289-sec-bypass(111298) | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
BACK |