製品・ソフトウェアに関する情報

JVN脆弱性詳細

IBM Maximo Asset Management におけるアクセス制限を回避される脆弱性

Title	IBM Maximo Asset Management におけるアクセス制限を回避される脆弱性
Summary	IBM Maximo Asset Management には、アクセス制限を回避され、任意の注文書のワークログを読まれる脆弱性が存在します。補足情報 : CWE による脆弱性タイプは、CWE-284: Improper Access Control (不適切なアクセス制御) と識別されています。 http://cwe.mitre.org/data/definitions/284.html
Possible impacts	リモート認証されたユーザにより、アクセス制限を回避され、任意の注文書のワークログを読まれる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Feb. 26, 2016, midnight
Registration Date	March 18, 2016, 3:51 p.m.
Last Update	March 18, 2016, 3:51 p.m.

Affected System

IBM

IBM Maximo Asset Management 7.6.0.3 IFIX001 未満の 7.6

IBM Maximo for Government

IBM Maximo for Life Sciences

IBM Maximo for Nuclear Power

IBM Maximo for Oil and Gas

IBM Maximo for Transportation

IBM Maximo for Utilities

IBM SmartCloud Control Desk

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-0222	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0222
National Vulnerability Database (NVD)
2	CVE-2016-0222	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0222

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-Other	https://www.ipa.go.jp/security/vuln/CWE.html#CWEOther

ベンダー情報

No	Name	URL
IBM Support Document
1	1976949	http://www-01.ibm.com/support/docview.wss?uid=swg21976949

Change Log

No	Changed Details	Date of change
0	[2016年03月18日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2016-0222

Summary	IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors.
Publication Date	March 14, 2016, 10:59 a.m.
Registration Date	Jan. 26, 2021, 2:03 p.m.
Last Update	Nov. 21, 2024, 11:41 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:::::::*
cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:::::::*
cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:::::::*
cpe:2.3:a:ibm:maximo_asset_management:7.6.0.3:::::::*
cpe:2.3:a:ibm:smartcloud_control_desk:-:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:::::::*
cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:::::::*
cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:::::::*
cpe:2.3:a:ibm:maximo_asset_management:7.6.0.3:::::::*
cpe:2.3:a:ibm:maximo_for_government:-:::::::*
cpe:2.3:a:ibm:maximo_for_life_sciences:-:::::::*
cpe:2.3:a:ibm:maximo_for_nuclear_power:-:::::::*
cpe:2.3:a:ibm:maximo_for_oil_and_gas:-:::::::*
cpe:2.3:a:ibm:maximo_for_transportation:-:::::::*
cpe:2.3:a:ibm:maximo_for_utilities:-:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://www-01.ibm.com/support/docview.wss?uid=swg21976949		Vendor Advisory
2	http://www-01.ibm.com/support/docview.wss?uid=swg21976949		Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-284	不適切なアクセス制御	https://cwe.mitre.org/data/definitions/284.html

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:::::::*
cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:::::::*
cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:::::::*
cpe:2.3:a:ibm:maximo_asset_management:7.6.0.3:::::::*
cpe:2.3:a:ibm:maximo_for_government:-:::::::*
cpe:2.3:a:ibm:maximo_for_life_sciences:-:::::::*
cpe:2.3:a:ibm:maximo_for_nuclear_power:-:::::::*
cpe:2.3:a:ibm:maximo_for_oil_and_gas:-:::::::*
cpe:2.3:a:ibm:maximo_for_transportation:-:::::::*
cpe:2.3:a:ibm:maximo_for_utilities:-:::::::*