IBM Maximo Asset Management 7.6.1.1/7.6.1.2/7.6.1.3 improper authentication

A vulnerability has been found in IBM Maximo Asset Management 7.6.1.1/7.6.1.2/7.6.1.3 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper authentication. The CWE definition for the vulnerability is CWE-287. The weakness was published 09/22/2022. The advisory is shared at ibm.com. This vulnerability is known as CVE-2022-40616. The attack can be launched remotely.

There are no technical details available. There is no exploit available. The price for an exploit might be around USD $0-$5k at the moment. Exploitability is declared as not defined. We expect the 0-day to have been worth approximately $5k-$25k.

It is recommended to upgrade the affected component. A possible mitigation has been published before and not just after the disclosure of the vulnerability. The vulnerability is also documented in other vulnerability databases: X-Force (236311).

Field: 09/22/2022 05:33 AM
vendor: IBM
name: Maximo Asset Management
version: 7.6.1.1/7.6.1.2/7.6.1.3
cwe: 287 (improper authentication)
risk: 2
cvss3_vuldb_av: N
cvss3_vuldb_ac: L
cvss3_vuldb_pr: N
cvss3_vuldb_ui: N
cvss3_vuldb_s: U
cvss3_vuldb_c: L
cvss3_vuldb_i: L
cvss3_vuldb_a: L
cvss3_vuldb_rl: O
cvss3_vuldb_rc: C
cvss3_cna_av: N
cvss3_cna_ac: L
cvss3_cna_pr: N
cvss3_cna_ui: N
cvss3_cna_s: U
cvss3_cna_c: L
cvss3_cna_i: L
cvss3_cna_a: N
url: https://www.ibm.com/support/pages/node/6621599
name: Upgrade
cve: CVE-2022-40616
cve_assigned: 1662933600 (09/12/2022)
cve_cna: IBM Corporation
cve_nvd_summary: IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. IBM X-Force ID: 236311.
xforce: 236311
date: 1663797600 (09/22/2022)
type: Asset Management Software
cvss2_vuldb_av: N
cvss2_vuldb_ac: L
cvss2_vuldb_au: N
cvss2_vuldb_ci: P
cvss2_vuldb_ii: P
cvss2_vuldb_ai: P
cvss2_vuldb_rc: C
cvss2_vuldb_rl: OF
cvss2_vuldb_e: ND
cvss3_vuldb_e: X
cvss3_cna_basescore: 6.5
cvss2_vuldb_basescore: 7.5
cvss2_vuldb_tempscore: 6.5
cvss3_vuldb_basescore: 7.3
cvss3_vuldb_tempscore: 7.0
cvss3_meta_basescore: 6.9
cvss3_meta_tempscore: 6.8
price_0day: $5k-$25k
price_trend: +
