Medium Severity

IBM Security Bulletin: IBM Maximo Health, Safety, and Environment Manager Installation Gives Application Access to Non-Authorized Users (CVE-2019-4546)

After installing the Health, Safety, and Environmental add-on to IBM Maximo Asset Management, a user is granted additional privileges that they would not normally have.

CVE(s): CVE-2019-4546

Affected product(s) and affected version(s):

IBM Maximo Health, Safety, and Environment Manager 7.6.1

IBM Maximo for Oil and Gas 7.6.1

* To determine the core product version, log in and view System Information. The core product version is the “Tivoli’s process automation engine” version. Please consult the Product Coexistence Matrix for a list of supported product combinations.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/1087738
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/165948
