Flaw in IBM Asset Management Product Facilitates Attacks on Corporate Networks
A high-severity vulnerability patched recently by IBM in its Maximo asset management solution makes it easier for hackers to move around in enterprise networks, cybersecurity firm Positive Technologies warned on Thursday.
The security hole, tracked as CVE-2020-4529, has been described as a server-side request forgery issue that allows an authenticated attacker to send unauthorized requests from a system, which IBM says can facilitate other attacks.
The flaw impacts Maximo Asset Management 7.6.0 and 7.6.1 and possibly older versions.
Maximo Asset Management is designed to help organizations in asset-intensive industries manage physical assets.
"IBM Maximo web interfaces are usually accessible from all of a company's warehouses, which could be located in multiple regions or countries. So if our 'warehouse worker' or equivalent connects through a properly configured VPN, that person's access within the corporate network is restricted to what they need - from that particular system and email, for example," explained Positive Technologies researcher Arseny Sharoglazov.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-08 | CVE-2020-4529 | Server-Side Request Forgery (SSRF) vulnerability in IBM Maximo Asset Management 7.6.0.0/7.6.1.0 IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). | 7.4 |