cnvd - cnvd-2018-08000

CNVD-2018-08000

Vulnerability from cnvd - Published: 2018-04-20

Title

多款IBM产品信息泄露漏洞（CNVD-2018-08000）

Description

IBM Maximo Asset Management等都是美国IBM公司的产品。Maximo Asset Management和Maximo Asset Management Essentials都是综合性资产生命周期和维护管理解决方案。Tivoli Service Request Manager是一套IT服务管理解决方案。多款IBM产品中存在安全漏洞。远程攻击者可利用该漏洞绕过访问限制并读取信息。

Severity

中

Patch Name

多款IBM产品信息泄露漏洞（CNVD-2018-08000）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://www-01.ibm.com/support/docview.wss?uid=swg21971160

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg21971160

Impacted products

Name
['IBM Tivoli Asset Management for IT 7.1', 'IBM Tivoli Asset Management for IT 7.2', 'IBM Maximo Asset Management 7.1', 'IBM Maximo Asset Management Essentials 7.1', 'IBM Maximo Asset Management Essentials 7.5', 'IBM Tivoli Service Request Manager 7.1', 'IBM Tivoli Service Request Manager 7.2', 'IBM Change and Configuration Management Database 7.1', 'IBM Change and Configuration Management Database 7.2', 'IBM Maximo Asset Management 7.6', 'IBM Maximo Asset Management 7.5', 'IBM Maximo for Energy Optimization 7.1', 'IBM Maximo for Government 7.5', 'IBM Maximo for Government 7.1', 'IBM Maximo for Nuclear Power 7.5', 'IBM Maximo for Nuclear Power 7.1', 'IBM Maximo for Transportation 7.5', 'IBM Maximo for Transportation 7.1', 'IBM Maximo for Life Sciences 7.6', 'IBM Maximo for Life Sciences 7.5', 'IBM Maximo for Life Sciences 7.1', 'IBM Maximo for Oil and Gas 7.5', 'IBM Maximo for Oil and Gas 7.1', 'IBM Maximo for Utilities 7.5', 'IBM Maximo for Utilities 7.1', 'IBM Maximo for Aviation 7.6', 'IBM Maximo for Transportation 7.6', 'IBM IBM Control Desk 7.6', 'IBM IBM Control Desk 7.5']

Name

['IBM Tivoli Asset Management for IT 7.1', 'IBM Tivoli Asset Management for IT 7.2', 'IBM Maximo Asset Management 7.1', 'IBM Maximo Asset Management Essentials 7.1', 'IBM Maximo Asset Management Essentials 7.5', 'IBM Tivoli Service Request Manager 7.1', 'IBM Tivoli Service Request Manager 7.2', 'IBM Change and Configuration Management Database 7.1', 'IBM Change and Configuration Management Database 7.2', 'IBM Maximo Asset Management 7.6', 'IBM Maximo Asset Management 7.5', 'IBM Maximo for Energy Optimization 7.1', 'IBM Maximo for Government 7.5', 'IBM Maximo for Government 7.1', 'IBM Maximo for Nuclear Power 7.5', 'IBM Maximo for Nuclear Power 7.1', 'IBM Maximo for Transportation 7.5', 'IBM Maximo for Transportation 7.1', 'IBM Maximo for Life Sciences 7.6', 'IBM Maximo for Life Sciences 7.5', 'IBM Maximo for Life Sciences 7.1', 'IBM Maximo for Oil and Gas 7.5', 'IBM Maximo for Oil and Gas 7.1', 'IBM Maximo for Utilities 7.5', 'IBM Maximo for Utilities 7.1', 'IBM Maximo for Aviation 7.6', 'IBM Maximo for Transportation 7.6', 'IBM IBM Control Desk 7.6', 'IBM IBM Control Desk 7.5']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-5016",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5016"
    }
  },
  "description": "IBM Maximo Asset Management\u7b49\u90fd\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4ea7\u54c1\u3002Maximo Asset Management\u548cMaximo Asset Management Essentials\u90fd\u662f\u7efc\u5408\u6027\u8d44\u4ea7\u751f\u547d\u5468\u671f\u548c\u7ef4\u62a4\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002Tivoli Service Request Manager\u662f\u4e00\u5957IT\u670d\u52a1\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\n\u591a\u6b3eIBM\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8bbf\u95ee\u9650\u5236\u5e76\u8bfb\u53d6\u4fe1\u606f\u3002",
  "discovererName": "IBM",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg21971160",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-08000",
  "openTime": "2018-04-20",
  "patchDescription": "IBM Maximo Asset Management\u7b49\u90fd\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4ea7\u54c1\u3002Maximo Asset Management\u548cMaximo Asset Management Essentials\u90fd\u662f\u7efc\u5408\u6027\u8d44\u4ea7\u751f\u547d\u5468\u671f\u548c\u7ef4\u62a4\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002Tivoli Service Request Manager\u662f\u4e00\u5957IT\u670d\u52a1\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\n\u591a\u6b3eIBM\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8bbf\u95ee\u9650\u5236\u5e76\u8bfb\u53d6\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eIBM\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-08000\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM Tivoli Asset Management for IT 7.1",
      "IBM Tivoli Asset Management for IT 7.2",
      "IBM Maximo Asset Management 7.1",
      "IBM Maximo Asset Management Essentials 7.1",
      "IBM Maximo Asset Management Essentials 7.5",
      "IBM Tivoli Service Request Manager 7.1",
      "IBM Tivoli Service Request Manager 7.2",
      "IBM Change and Configuration Management Database 7.1",
      "IBM Change and Configuration Management Database 7.2",
      "IBM Maximo Asset Management 7.6",
      "IBM Maximo Asset Management  7.5",
      "IBM Maximo for Energy Optimization 7.1",
      "IBM Maximo for Government 7.5",
      "IBM Maximo for Government 7.1",
      "IBM Maximo for Nuclear Power 7.5",
      "IBM Maximo for Nuclear Power 7.1",
      "IBM Maximo for Transportation 7.5",
      "IBM Maximo for Transportation 7.1",
      "IBM Maximo for Life Sciences 7.6",
      "IBM Maximo for Life Sciences 7.5",
      "IBM Maximo for Life Sciences 7.1",
      "IBM Maximo for Oil and Gas 7.5",
      "IBM Maximo for Oil and Gas 7.1",
      "IBM Maximo for Utilities 7.5",
      "IBM Maximo for Utilities 7.1",
      "IBM Maximo for Aviation 7.6",
      "IBM Maximo for Transportation 7.6",
      "IBM IBM Control Desk 7.6",
      "IBM IBM Control Desk 7.5"
    ]
  },
  "referenceLink": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160",
  "serverity": "\u4e2d",
  "submitTime": "2018-03-29",
  "title": "\u591a\u6b3eIBM\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-08000\uff09"
}

CVE-2015-5016 (GCVE-0-2015-5016)

Vulnerability from cvelistv5 – Published: 2018-03-27 17:00 – Updated: 2024-08-06 06:32

Summary

IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460.

Severity ?

No CVSS data available.

CWE

Assigner

ibm

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www-01.ibm.com/support/docview.wss?uid=swg…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:32:31.899Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-maximo-cve20155016-info-disc(106460)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-02-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-27T16:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-maximo-cve20155016-info-disc(106460)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-5016",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-maximo-cve20155016-info-disc(106460)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-5016",
    "datePublished": "2018-03-27T17:00:00",
    "dateReserved": "2015-06-24T00:00:00",
    "dateUpdated": "2024-08-06T06:32:31.899Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-08000

CVE-2015-5016 (GCVE-0-2015-5016)

Tags

Sightings

Nomenclature