Skip to main content

Maximo Asset Management CVE-2016-5896

MEDIUM
Information Exposure (CWE-200)
2017-02-01 psirt@us.ibm.com
5.3
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 01, 2017 - 20:59 cve.org
MEDIUM 5.3

DescriptionCVE.org

IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser.

AnalysisAI

IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser. Affected products include: Ibm Maximo Asset Management, Ibm Maximo For Aviation, Ibm Maximo For Life Sciences, Ibm Maximo For Nuclear Power, Ibm Maximo For Oil And Gas.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2015-0104 HIGH POC
8.8 Apr 24

IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database

CVE-2020-4463 HIGH POC
8.2 Jul 29

IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when proc

CVE-2015-0107 MEDIUM POC
6.5 Apr 24

IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database

CVE-2017-1175 CRITICAL
9.8 Jul 05

IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this v

CVE-2021-20509 CRITICAL
9.8 Aug 12

IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. Rated critical severity (CVSS 9.

CVE-2020-4493 CRITICAL
9.8 Oct 05

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a

CVE-2016-9984 HIGH
8.8 Jun 13

IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the

CVE-2016-9977 HIGH
8.8 Jun 07

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the fa

CVE-2016-9976 HIGH
8.4 May 03

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. Rated high sever

CVE-2020-4521 HIGH
8.8 Sep 15

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the

CVE-2018-1699 HIGH
8.8 Aug 24

IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulne

CVE-2018-1524 HIGH
8.8 Aug 03

IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could

Share

CVE-2016-5896 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy