CVE-2013-3323
Severity CVSS v4.0:
Pending analysis
Type:
CWE-269
Improper Privilege Management
Publication date:
18/02/2020
Last modified:
21/02/2020
Description
A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:ibm:maximo_for_government:6.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:ibm:maximo_for_life_sciences:6.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:ibm:maximo_for_life_sciences:6.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:ibm:maximo_for_life_sciences:6.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page