Medium Severity

Security Bulletin: IBM Maximo Asset Management is vulnerable to authentication bypass (CVE-2022-40616)

Share this post:

IBM Maximo Asset Management is vulnerable to authentication bypass.

CVE(s): CVE-2022-40616

Affected product(s) and affected version(s):

This vulnerability affects the following versions of the IBM Maximo Asset Management core product.

Product versions affected:

Affected Product(s) Version(s)
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3

* To determine the core product version, log in and view System Information. The core product version is the "Tivoli's process automation engine" version. Please consult the Platform Matrix for a list of supported product combinations.

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6621599
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/236311

More stories

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Tomcat

November 30, 2022 | Medium Severity

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Tomcat. ...read more


Security Bulletin: IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps is vulnerable to information disclosure and weaker security (CVE-2022-43901, CVE-2022-43900)

November 30, 2022 | Medium Severity

IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps could disclose sensitive information and contain weaker than expected security. This has been addressed. ...read more


Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Python

November 30, 2022 | Medium Severity

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Python. ...read more