cnvd - cnvd-2015-07890

CNVD-2015-07890

Vulnerability from cnvd - Published: 2015-12-03

Title

多款IBM产品密码过期漏洞

Description

IBM Maximo Asset Management等都是美国IBM公司的产品。Maximo Asset Management和Maximo Asset Management Essentials都是综合性资产生命周期和维护管理解决方案。SmartCloud Control Desk（SCCD）是一套统一资产和服务管理软件，Tivoli IT Asset Management for IT是一套IT资产管理解决方案。Tivoli Service Request Manager是一套IT服务管理解决方案。Change and Configuration Management Database是一套用于自动发现企业的物理和应用程序基础设施的工具。多款IBM产品中存在安全漏洞。攻击者可利用该漏洞使用过期的密码登陆系统。

Severity

高

Patch Name

多款IBM产品密码过期漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://www-01.ibm.com/support/docview.wss?uid=swg21969052

Reference

https://www.ibm.com/support/docview.wss?uid=swg21969052 http://secunia.com/advisories/67311

Impacted products

Name
['IBM Tivoli Asset Management for IT 7.1', 'IBM Tivoli Asset Management for IT 7.2', 'IBM Maximo Asset Management 7.1', 'IBM Maximo Asset Management Essentials 7.1', 'IBM Maximo Asset Management Essentials 7.5', 'IBM Tivoli Service Request Manager 7.1', 'IBM Tivoli Service Request Manager 7.2', 'IBM Change and Configuration Management Database 7.1', 'IBM Change and Configuration Management Database 7.2', 'IBM SmartCloud Control Desk 7.5', 'IBM Maximo Asset Management 7.6', 'IBM Maximo Asset Management 7.5', 'IBM Maximo for Energy Optimization 7.1', 'IBM Maximo for Government 7.5', 'IBM Maximo for Government 7.1', 'IBM Maximo for Nuclear Power 7.5', 'IBM Maximo for Nuclear Power 7.1', 'IBM Maximo for Transportation 7.5', 'IBM Maximo for Transportation 7.1', 'IBM Maximo for Life Sciences 7.6', 'IBM Maximo for Life Sciences 7.5', 'IBM Maximo for Life Sciences 7.1', 'IBM Maximo for Oil and Gas 7.5', 'IBM Maximo for Oil and Gas 7.1', 'IBM Maximo for Utilities 7.5', 'IBM Maximo for Utilities 7.1', 'IBM SmartCloud Control Desk 7.6']

Name

['IBM Tivoli Asset Management for IT 7.1', 'IBM Tivoli Asset Management for IT 7.2', 'IBM Maximo Asset Management 7.1', 'IBM Maximo Asset Management Essentials 7.1', 'IBM Maximo Asset Management Essentials 7.5', 'IBM Tivoli Service Request Manager 7.1', 'IBM Tivoli Service Request Manager 7.2', 'IBM Change and Configuration Management Database 7.1', 'IBM Change and Configuration Management Database 7.2', 'IBM SmartCloud Control Desk 7.5', 'IBM Maximo Asset Management 7.6', 'IBM Maximo Asset Management 7.5', 'IBM Maximo for Energy Optimization 7.1', 'IBM Maximo for Government 7.5', 'IBM Maximo for Government 7.1', 'IBM Maximo for Nuclear Power 7.5', 'IBM Maximo for Nuclear Power 7.1', 'IBM Maximo for Transportation 7.5', 'IBM Maximo for Transportation 7.1', 'IBM Maximo for Life Sciences 7.6', 'IBM Maximo for Life Sciences 7.5', 'IBM Maximo for Life Sciences 7.1', 'IBM Maximo for Oil and Gas 7.5', 'IBM Maximo for Oil and Gas 7.1', 'IBM Maximo for Utilities 7.5', 'IBM Maximo for Utilities 7.1', 'IBM SmartCloud Control Desk 7.6']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-5017"
    }
  },
  "description": "IBM Maximo Asset Management\u7b49\u90fd\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4ea7\u54c1\u3002Maximo Asset Management\u548cMaximo Asset Management Essentials\u90fd\u662f\u7efc\u5408\u6027\u8d44\u4ea7\u751f\u547d\u5468\u671f\u548c\u7ef4\u62a4\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002SmartCloud Control Desk\uff08SCCD\uff09\u662f\u4e00\u5957\u7edf\u4e00\u8d44\u4ea7\u548c\u670d\u52a1\u7ba1\u7406\u8f6f\u4ef6\uff0cTivoli IT Asset Management for IT\u662f\u4e00\u5957IT\u8d44\u4ea7\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002Tivoli Service Request Manager\u662f\u4e00\u5957IT\u670d\u52a1\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002Change and Configuration Management Database\u662f\u4e00\u5957\u7528\u4e8e\u81ea\u52a8\u53d1\u73b0\u4f01\u4e1a\u7684\u7269\u7406\u548c\u5e94\u7528\u7a0b\u5e8f\u57fa\u7840\u8bbe\u65bd\u7684\u5de5\u5177\u3002\r\n\r\n\u591a\u6b3eIBM\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u7528\u8fc7\u671f\u7684\u5bc6\u7801\u767b\u9646\u7cfb\u7edf\u3002",
  "discovererName": "IBM",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg21969052",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-07890",
  "openTime": "2015-12-03",
  "patchDescription": "IBM Maximo Asset Management\u7b49\u90fd\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4ea7\u54c1\u3002Maximo Asset Management\u548cMaximo Asset Management Essentials\u90fd\u662f\u7efc\u5408\u6027\u8d44\u4ea7\u751f\u547d\u5468\u671f\u548c\u7ef4\u62a4\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002SmartCloud Control Desk\uff08SCCD\uff09\u662f\u4e00\u5957\u7edf\u4e00\u8d44\u4ea7\u548c\u670d\u52a1\u7ba1\u7406\u8f6f\u4ef6\uff0cTivoli IT Asset Management for IT\u662f\u4e00\u5957IT\u8d44\u4ea7\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002Tivoli Service Request Manager\u662f\u4e00\u5957IT\u670d\u52a1\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002Change and Configuration Management Database\u662f\u4e00\u5957\u7528\u4e8e\u81ea\u52a8\u53d1\u73b0\u4f01\u4e1a\u7684\u7269\u7406\u548c\u5e94\u7528\u7a0b\u5e8f\u57fa\u7840\u8bbe\u65bd\u7684\u5de5\u5177\u3002\r\n\r\n\u591a\u6b3eIBM\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u7528\u8fc7\u671f\u7684\u5bc6\u7801\u767b\u9646\u7cfb\u7edf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eIBM\u4ea7\u54c1\u5bc6\u7801\u8fc7\u671f\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM Tivoli Asset Management for IT 7.1",
      "IBM Tivoli Asset Management for IT 7.2",
      "IBM Maximo Asset Management 7.1",
      "IBM Maximo Asset Management Essentials 7.1",
      "IBM Maximo Asset Management Essentials 7.5",
      "IBM Tivoli Service Request Manager 7.1",
      "IBM Tivoli Service Request Manager 7.2",
      "IBM Change and Configuration Management Database 7.1",
      "IBM Change and Configuration Management Database 7.2",
      "IBM SmartCloud Control Desk 7.5",
      "IBM Maximo Asset Management 7.6",
      "IBM Maximo Asset Management  7.5",
      "IBM Maximo for Energy Optimization 7.1",
      "IBM Maximo for Government 7.5",
      "IBM Maximo for Government 7.1",
      "IBM Maximo for Nuclear Power 7.5",
      "IBM Maximo for Nuclear Power 7.1",
      "IBM Maximo for Transportation 7.5",
      "IBM Maximo for Transportation 7.1",
      "IBM Maximo for Life Sciences 7.6",
      "IBM Maximo for Life Sciences 7.5",
      "IBM Maximo for Life Sciences 7.1",
      "IBM Maximo for Oil and Gas 7.5",
      "IBM Maximo for Oil and Gas 7.1",
      "IBM Maximo for Utilities 7.5",
      "IBM Maximo for Utilities 7.1",
      "IBM SmartCloud Control Desk 7.6"
    ]
  },
  "referenceLink": "https://www.ibm.com/support/docview.wss?uid=swg21969052\r\nhttp://secunia.com/advisories/67311",
  "serverity": "\u9ad8",
  "submitTime": "2015-12-02",
  "title": "\u591a\u6b3eIBM\u4ea7\u54c1\u5bc6\u7801\u8fc7\u671f\u6f0f\u6d1e"
}

CVE-2015-5017 (GCVE-0-2015-5017)

Vulnerability from cvelistv5 – Published: 2016-01-03 02:00 – Updated: 2024-08-06 06:32

Summary

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password.

Severity ?

No CVSS data available.

CWE

Assigner

ibm

References

URL

Tags

http://www-01.ibm.com/support/docview.wss?uid=swg…

x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:32:32.680Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969052"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-11-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-01-03T05:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969052"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-5017",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21969052",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969052"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-5017",
    "datePublished": "2016-01-03T02:00:00",
    "dateReserved": "2015-06-24T00:00:00",
    "dateUpdated": "2024-08-06T06:32:32.680Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2015-07890

CVE-2015-5017 (GCVE-0-2015-5017)

Tags

Sightings

Nomenclature