IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554.
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Control_desk | Ibm | 7.6.0 (including) | 7.6.0 (including) |
| Control_desk | Ibm | 7.6.0.1 (including) | 7.6.0.1 (including) |
| Maximo_asset_management | Ibm | 7.6 (including) | 7.6 (including) |
| Maximo_for_aviation | Ibm | 7.6 (including) | 7.6 (including) |
| Maximo_for_aviation | Ibm | 7.6.1 (including) | 7.6.1 (including) |
| Maximo_for_aviation | Ibm | 7.6.2 (including) | 7.6.2 (including) |
| Maximo_for_aviation | Ibm | 7.6.2.1 (including) | 7.6.2.1 (including) |
| Maximo_for_aviation | Ibm | 7.6.3 (including) | 7.6.3 (including) |
| Maximo_for_life_sciences | Ibm | 7.6 (including) | 7.6 (including) |
| Maximo_for_nuclear_power | Ibm | 7.6.0 (including) | 7.6.0 (including) |
| Maximo_for_oil_and_gas | Ibm | 7.6.0 (including) | 7.6.0 (including) |
| Maximo_for_transportation | Ibm | 7.6.1 (including) | 7.6.1 (including) |
| Maximo_for_transportation | Ibm | 7.6.2 (including) | 7.6.2 (including) |
| Maximo_for_transportation | Ibm | 7.6.2.1 (including) | 7.6.2.1 (including) |
| Maximo_for_transportation | Ibm | 7.6.2.2 (including) | 7.6.2.2 (including) |
| Maximo_for_transportation | Ibm | 7.6.2.3 (including) | 7.6.2.3 (including) |
| Maximo_for_transportation | Ibm | 7.6.2.4 (including) | 7.6.2.4 (including) |
| Maximo_for_utilities | Ibm | 7.6 (including) | 7.6 (including) |
| Smartcloud_control_desk | Ibm | - (including) | - (including) |
| Tivoli_integration_composer | Ibm | - (including) | - (including) |