Oct 25, 2019 9:04 am EST
Categorized: Medium Severity
Share this post:
After installing the Health, Safety, and Environmental add-on to IBM Maximo Asset Management, a user is granted additional privileges that they are not normally allowed to access.
Affected product(s) and affected version(s):
IBM Maximo Health, Safety, and Environment Manager 7.6.1
IBM Maximo for Oil and Gas 7.6.1
* To determine the core product version, log in and view System Information. The core product version is the “Tivoli’s process automation engine” version. Please consult the Product Coexistence Matrix for a list of supported product combinations.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/1087738
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/165948