Medium severity5.4NVD Advisory· Published Jan 3, 2016· Updated May 6, 2026

CVE-2015-5017

Description

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password.

Affected products

IBM/Change And Configuration Management Database2 versions
cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*
IBM/Maximo Asset Management3 versions
cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*
IBM/Maximo Asset Management Essentials2 versions
cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*
IBM/Maximo For Energy Optimization
cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*
IBM/Maximo For Government2 versions
cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*
IBM/Maximo For Life Sciences3 versions
cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*
IBM/Maximo For Nuclear Power2 versions
cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*
IBM/Maximo For Oil And Gas2 versions
cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*
IBM/Maximo For Transportation2 versions
cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*
IBM/Maximo For Utilities2 versions
cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*
IBM/Smartcloud Control Desk2 versions
cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*
IBM/Tivoli Asset Management For It2 versions
cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*
IBM/Tivoli Service Request Manager2 versions
cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www-01.ibm.com/support/docview.wssnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.351
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000