IBM Maximo Asset Management is vulnerable to authentication bypass.
CVEID: CVE-2022-40616
DESCRIPTION: IBM Maximo Asset Management could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to.
CVSS Base score: 6.5
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/236311 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
This vulnerability affects the following versions of the IBM Maximo Asset Management core product.
Product versions affected:
| Affected Product(s) |
Version(s) |
| IBM Maximo Asset Management |
7.6.1.1, 7.6.1.2, 7.6.1.3 |
* To determine the core product version, log in and view System Information. The core product version is the "Tivoli's process automation engine" version. Please consult the Platform Matrix for a list of supported product combinations.
See Workarounds and Mitigations section.
Before proceeding, ensure that security is configured for all object structures. After the following change is implemented, no access is permitted except through explicitly defined security.
1. Go to the System Properties application and locate the property mxe.int.enableosauth.
2. Set the value for that property to 1 and save.
3. Live refresh the property value.
References
Off
20 Sep 2022: Initial Publication
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
[{"Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSLKT6","label":"IBM Maximo Asset Management"},"ARM Category":[{"code":"a8m0z000000cvcNAAQ","label":"Security"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.6.1","Type":"MASTER"},{"Line of Business":{"code":"","label":""},"Business Unit":{"code":"BU005","label":"IoT"},"Product":{"code":"SSKVFR","label":"Maximo for Service Providers"},"ARM Category":[{"code":"","label":""}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.6.3.3, 7.6.3.2, 7.6.3.1"},{"Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSLL8M","label":"Maximo for Nuclear Power"},"ARM Category":[{"code":"","label":""}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.6.1"},{"Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSLL9G","label":"Maximo for Oil and Gas"},"ARM Category":[{"code":"","label":""}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.6.1"},{"Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSLL9Z","label":"Maximo for Transportation"},"ARM Category":[{"code":"","label":""}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.6.2.5, 7.6.2.4, 7.6.2.3"},{"Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS5RRF","label":"IBM Maximo for Aviation"},"ARM Category":[{"code":"","label":""}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.6.8, 7.6.7, 7.6.6"},{"Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSLL84","label":"Maximo for Life Sciences"},"ARM Category":[{"code":"","label":""}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.6"},{"Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSLLAM","label":"Maximo for Utilities"},"ARM Category":[{"code":"","label":""}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.6.0.2, 7.6.0.1"},{"Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSG2D3","label":"Maximo Spatial Asset Management"},"ARM Category":[{"code":"","label":""}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.6.0.5, 7.6.0.4, 7.6.0.3, 7.6.0.2"},{"Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSLKSJ","label":"Maximo Asset Configuration Manager"},"ARM Category":[{"code":"","label":""}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.6.7.1, 7.6.7, 7.6.6"},{"Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSWT9A","label":"IBM Control Desk"},"ARM Category":[{"code":"a8m0z000000bntEAAQ","label":"Miscellaneous Category (Portal, UI, Maximo, Install)-\u003ESecurity"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.6.1","Type":"MASTER"}]