IBM MaaS360 information disclosure
Description
IBM MaaS360 for Android versions 6.31 through 8.60 contain hardcoded credentials that can be extracted by an attacker with physical device access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM MaaS360 for Android versions 6.31 through 8.60 contain hardcoded credentials that can be extracted by an attacker with physical device access.
Vulnerability
IBM MaaS360 MDM for Android versions 6.31 through 8.60 contain hardcoded credentials embedded in the application binary [1]. The credentials are stored in a manner that allows extraction by anyone with access to the device.
Exploitation
An attacker with physical access to the device can extract the hardcoded credentials by analyzing the application binary [1]. No authentication or user interaction is required beyond physical possession of the device.
Impact
Successful extraction of the hardcoded credentials allows the attacker to gain unauthorized access to sensitive information, resulting in a high confidentiality impact [1]. The CVSS vector indicates no impact on integrity or availability.
Mitigation
IBM recommends updating the MaaS360 MDM for Android app to version 8.65 or later, available via the Google Play store [1]. No workarounds are available for this vulnerability.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: >=6.31 <=8.60
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
2- www.ibm.com/support/pages/node/7166750mitrevendor-advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/290341mitrevdb-entry
News mentions
0No linked articles in our index yet.