CVE-2015-0104

high-risk

Published 2017-04-24

IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors.

Do I need to act?

2.0% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

36002

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (20)

Change And Configuration Management Database

Maximo Asset Management

Maximo For Government

Maximo For Nuclear Power

Maximo For Oil And Gas

Maximo For Transportation

Tivoli Asset Management For It

Tivoli Service Request Manager

Change And Configuration Management Database

Maximo Asset Management

Maximo Asset Management Essentials

Maximo For Life Sciences

Maximo For Utilities

Affected Vendors

Ibm

References (4)

Patch http://www-01.ibm.com/support/docview.wss?uid=swg21694974

Third Party Advisory http://www.securityfocus.com/bid/97999

Patch http://www-01.ibm.com/support/docview.wss?uid=swg21694974

Third Party Advisory http://www.securityfocus.com/bid/97999

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 5/34 · Minimal

Exposure 20/34 · Moderate