Vulnerabilities > CVE-2019-4446 - Missing Authorization vulnerability in IBM products

CVSS 5.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

ibm

CWE-862

NVD

Published: 2020-04-17

Updated: 2021-07-21

Summary

IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Control Desk 7.6.1 IBM Control Desk 7.6.1.1 IBM Maximo Asset Configuration Manager 7.6.6 IBM Maximo Asset Configuration Manager 7.6.7 IBM Maximo Asset Configuration Manager 7.6.7.1 IBM Maximo Asset Health Insights 7.6.1 IBM Maximo Asset Health Insights 7.6.1.1 IBM Maximo Asset Management 7.6.0 IBM Maximo Asset Management 7.6.1 IBM Maximo Asset Management 7.6.1.1 IBM Maximo Asset Management Scheduler 7.6.7 IBM Maximo Asset Management Scheduler 7.6.7.3 IBM Maximo Asset Management Scheduler 7.6.7.1 IBM Maximo FOR Life Sciences 7.6 IBM Maximo FOR Transportation 7.6.2.3 IBM Maximo FOR Transportation 7.6.2.4 IBM Maximo FOR Transportation 7.6.2.5 IBM Maximo FOR OIL AND GAS 7.6.1 IBM Maximo FOR Aviation 7.6.8 IBM Maximo FOR Aviation 7.6.7 IBM Maximo FOR Aviation 7.6.6 IBM Maximo FOR Utilities 7.6.0.1 IBM Maximo FOR Utilities 7.6.0.2 IBM Maximo FOR Nuclear Power 7.6.1 IBM Maximo FOR Service Providers 7.6.3.3 IBM Maximo FOR Service Providers 7.6.3.2 IBM Maximo FOR Service Providers 7.6.3.1 IBM Maximo Enterprise Adapter 7.6 IBM Maximo Enterprise Adapter 7.6.1 IBM Maximo Calibration 7.6 IBM Maximo Asset Management Scheduler Plus 7.6.7.3 IBM Maximo Asset Management Scheduler Plus 7.6.7.1 IBM Maximo Asset Management Scheduler Plus 7.6.7 IBM Maximo Equipment Maintenance Assistant ON Premises - IBM Maximo Linear Asset Manager 7.6.0.3 IBM Maximo Linear Asset Manager 7.6.0.2 IBM Maximo Linear Asset Manager 7.6.0.1 IBM Maximo Network ON Blockchain 7.6.0.1 IBM Maximo Network ON Blockchain 7.6.0.0 IBM Tivoli Integration Composer 7.6	40

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References