Flaw in IBM Asset Management Product Facilitates Attacks on Corporate Networks
2020-06-19 12:59

A high-severity vulnerability patched recently by IBM in its Maximo asset management solution makes it easier for hackers to move around in enterprise networks, cybersecurity firm Positive Technologies warned on Thursday.

The security hole, tracked as CVE-2020-4529, has been described as a server-side request forgery issue that allows an authenticated attacker to send unauthorized requests from a system, which IBM says can facilitate other attacks.

The flaw impacts Maximo Asset Management 7.6.0 and 7.6.1 and possibly older versions.

Maximo Asset Management is designed to help organizations in asset-intensive industries manage physical assets.

"IBM Maximo web interfaces are usually accessible from all of a company's warehouses, which could be located in multiple regions or countries. So if our 'warehouse worker' or equivalent connects through a properly configured VPN, that person's access within the corporate network is restricted to what they need - from that particular system and email, for example," explained Positive Technologies researcher Arseny Sharoglazov.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/PqYkU1ZmJXU/flaw-ibm-asset-management-product-facilitates-attacks-corporate-networks

Related Vulnerability

DATE: 2020-06-08
CVE: CVE-2020-4529
VULNERABILITY TITLE: Server-Side Request Forgery (SSRF) vulnerability in IBM Maximo Asset Management 7.6.0.0/7.6.1.0
Description: IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF).
Access: network, low complexity
Vendor: ibm
CWE: CWE-918
RISK: 7.4

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
IBM 735 215 2758 1258 245 4476