CVE-2017-1176
Description
IBM Maximo Asset Management 7.1, 7.5, and 7.6 do not properly clear attachment data, allowing local users to read sensitive information from previously deleted attachments.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Maximo Asset Management 7.1, 7.5, and 7.6 do not properly clear attachment data, allowing local users to read sensitive information from previously deleted attachments.
Vulnerability
IBM Maximo Asset Management versions 7.1, 7.5, and 7.6, as well as affected industry solution and control desk products using these core versions [1], retain attachment data inappropriately after deletion. This information disclosure vulnerability (CVE-2017-1176) resides in the attachment handling mechanism and does not require any special configuration to be reachable. The core product version, based on the Tivoli process automation engine, must be an affected version [1].
Exploitation
To exploit this vulnerability, an attacker must have local access to the system [1]. No authentication or user interaction is required beyond being able to access the local file system or database where deleted attachments are retained. The attacker can then retrieve the sensitive data from the residual attachment storage [1].
Impact
Successful exploitation allows a local user to obtain sensitive information that was intended to be removed [1]. The impact is limited to information disclosure (confidentiality) with a CVSS v3 base score of 3.3 (Low). The integrity and availability of the system are not affected [1].
Mitigation
IBM released a fix as part of the Maximo Asset Management 7.6.0.4 Interim Fix 1 (and equivalent fixes for 7.5 and 7.1) [1]. Users should apply the fix from IBM Fix Central. No workaround is documented in the available references. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of publication date.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
6cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*
- (no CPE)range: 7.1, 7.5, 7.6
- (no CPE)range: 7.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.ibm.com/support/docview.wssnvdVendor Advisory
- www.securityfocus.com/bid/99371nvdThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/123299nvdVDB EntryVendor Advisory
News mentions
0No linked articles in our index yet.