A privilege escalation vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2 when WebSEAL with Basic Authentication is used. The product fails to invalidate the authentication session, which could let a malicious user obtain unauthorized access.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Change_and_configuration_management_database | Ibm | 7.1 (including) | 7.1 (including) |
| Change_and_configuration_management_database | Ibm | 7.2 (including) | 7.2 (including) |
| Maximo_asset_management | Ibm | 6.2 (including) | 6.2 (including) |
| Maximo_asset_management | Ibm | 7.1 (including) | 7.1 (including) |
| Maximo_asset_management | Ibm | 7.5 (including) | 7.5 (including) |
| Maximo_asset_management_essentials | Ibm | 6.2 (including) | 6.2 (including) |
| Maximo_asset_management_essentials | Ibm | 7.1 (including) | 7.1 (including) |
| Maximo_asset_management_essentials | Ibm | 7.5 (including) | 7.5 (including) |
| Maximo_for_government | Ibm | 6.2 (including) | 6.2 (including) |
| Maximo_for_government | Ibm | 7.1 (including) | 7.1 (including) |
| Maximo_for_government | Ibm | 7.5 (including) | 7.5 (including) |
| Maximo_for_life_sciences | Ibm | 6.2 (including) | 6.2 (including) |
| Maximo_for_life_sciences | Ibm | 6.4 (including) | 6.4 (including) |
| Maximo_for_life_sciences | Ibm | 6.5 (including) | 6.5 (including) |
| Maximo_for_life_sciences | Ibm | 7.1 (including) | 7.1 (including) |
| Maximo_for_life_sciences | Ibm | 7.5 (including) | 7.5 (including) |
| Maximo_for_nuclear_power | Ibm | 6.2 (including) | 6.2 (including) |
| Maximo_for_nuclear_power | Ibm | 6.3 (including) | 6.3 (including) |
| Maximo_for_nuclear_power | Ibm | 7.1 (including) | 7.1 (including) |
| Maximo_for_nuclear_power | Ibm | 7.5 (including) | 7.5 (including) |
| Maximo_for_oil_and_gas | Ibm | 6.2 (including) | 6.2 (including) |
| Maximo_for_oil_and_gas | Ibm | 6.3 (including) | 6.3 (including) |
| Maximo_for_oil_and_gas | Ibm | 6.4 (including) | 6.4 (including) |
| Maximo_for_oil_and_gas | Ibm | 7.1 (including) | 7.1 (including) |
| Maximo_for_oil_and_gas | Ibm | 7.5 (including) | 7.5 (including) |
| Maximo_for_transportation | Ibm | 6.2 (including) | 6.2 (including) |
| Maximo_for_transportation | Ibm | 6.3 (including) | 6.3 (including) |
| Maximo_for_transportation | Ibm | 7.1 (including) | 7.1 (including) |
| Maximo_for_transportation | Ibm | 7.5 (including) | 7.5 (including) |
| Maximo_for_utilities | Ibm | 6.2 (including) | 6.2 (including) |
| Maximo_for_utilities | Ibm | 6.3 (including) | 6.3 (including) |
| Maximo_for_utilities | Ibm | 7.1 (including) | 7.1 (including) |
| Maximo_for_utilities | Ibm | 7.5 (including) | 7.5 (including) |
| Maximo_service_desk | Ibm | 6.2 (including) | 6.2 (including) |
| Smartcloud_control_desk | Ibm | 7.5 (including) | 7.5 (including) |
| Tivoli_asset_management_for_it | Ibm | 6.2 (including) | 6.2 (including) |
| Tivoli_asset_management_for_it | Ibm | 7.1 (including) | 7.1 (including) |
| Tivoli_asset_management_for_it | Ibm | 7.2 (including) | 7.2 (including) |
| Tivoli_service_request_manager | Ibm | 7.1 (including) | 7.1 (including) |
| Tivoli_service_request_manager | Ibm | 7.2 (including) | 7.2 (including) |