CVE-2019-4048 : IBM Maximo Asset Management 7.6 could allow a physical user of the system to obt

IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311.

Published 2019-06-06 01:29:00

Updated 2022-12-09 17:53:38

Source IBM Corporation

View at NVD, CVE.org

Products affected by CVE-2019-4048

IBM » Maximo Asset Management » Version: 7.6
cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*
Matching versions
IBM » Smartcloud Control Desk » Version: N/A
cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Nuclear Power » Version: 7.6.0
cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Transportation » Version: 7.6.2.1
cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Transportation » Version: 7.6.2.2
cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Transportation » Version: 7.6.2.3
cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Transportation » Version: 7.6.2.4
cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Transportation » Version: 7.6.2
cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Transportation » Version: 7.6.1
cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Life Sciences » Version: 7.6
cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Oil And Gas » Version: 7.6.0
cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Utilities » Version: 7.6
cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Aviation » Version: 7.6
cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Aviation » Version: 7.6.2.1
cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Aviation » Version: 7.6.1
cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Aviation » Version: 7.6.2
cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Aviation » Version: 7.6.3
cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*
Matching versions
IBM » Tivoli Integration Composer » Version: N/A
cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*
Matching versions
IBM » Control Desk » Version: 7.6.0
cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*
Matching versions
IBM » Control Desk » Version: 7.6.0.1
cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Control Desk » Version: 7.6.1
cpe:2.3:a:ibm:control_desk:7.6.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2019-4048

EPSS FAQ

0.08%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 21 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-4048

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
2.1	LOW	CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	0.7	1.4	IBM Corporation
Attack Vector: Physical Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None
2.1	LOW	CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	0.7	1.4	NIST
Attack Vector: Physical Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2019-4048

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-4048

https://exchange.xforce.ibmcloud.com/vulnerabilities/156311

IBM Maximo Asset Management information disclosure CVE-2019-4048 Vulnerability Report
Vendor Advisory;VDB Entry
https://www.ibm.com/support/docview.wss?uid=ibm10880147

IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to Back and Refresh Attack (CVE-2019-4048)
Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2019-4048

Products affected by CVE-2019-4048

Exploit prediction scoring system (EPSS) score for CVE-2019-4048

CVSS scores for CVE-2019-4048

CWE ids for CVE-2019-4048

References for CVE-2019-4048