Vulnerabilities > CVE-2018-1524 - Insecure Default Initialization of Resource vulnerability in IBM products

CVSS 9.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

ibm

CWE-1188

critical

NVD

Published: 2018-08-03

Updated: 2019-10-09

Summary

IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Maximo Asset Management 7.6.0.0 IBM Maximo Asset Management 7.6.0.1 IBM Maximo Asset Management 7.6.0.2 IBM Maximo Asset Management 7.6.0.3 IBM Maximo Asset Management 7.6.0.4 IBM Maximo Asset Management 7.6.0.5 IBM Maximo Asset Management 7.6.0.6 IBM Maximo Asset Management 7.6.0.7 IBM Maximo Asset Management 7.6.0.8 IBM Maximo Asset Management 7.6.0.9 IBM Maximo Asset Management 7.6.0.10 IBM Maximo Asset Management 7.6.1 IBM Maximo Asset Management 7.6.1.0 IBM Maximo Asset Management 7.6.1.1 IBM Maximo Asset Management 7.6.2 IBM Maximo Asset Management 7.6.3 IBM Maximo Asset Management 7.6.3.0 IBM Maximo FOR Aviation 7.6.0.0 IBM Maximo FOR Aviation 7.6.1.0 IBM Maximo FOR Aviation 7.6.2.0 IBM Maximo FOR Aviation 7.6.2.1 IBM Maximo FOR Aviation 7.6.3.0 IBM Maximo FOR Life Sciences 7.6.0.0 IBM Maximo FOR Nuclear Power 7.6.0.0 IBM Maximo FOR OIL AND GAS 7.5.0.0 IBM Maximo FOR OIL AND GAS 7.6.0.0 IBM Maximo FOR Transportation 7.6.1.0 IBM Maximo FOR Transportation 7.6.2.0 IBM Maximo FOR Transportation 7.6.2.1 IBM Maximo FOR Transportation 7.6.2.2 IBM Maximo FOR Transportation 7.6.2.3 IBM Maximo FOR Transportation 7.6.2.4 IBM Maximo FOR Utilities 7.6.0.0 IBM Smartcloud Control Desk 7.6.0.0 IBM Smartcloud Control Desk 7.6.0.1	35

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References