Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2022-40616 |
CWE-ID | CWE-287 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
IBM Maximo Asset Management Server applications / Other server solutions |
Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU67577
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-40616
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an unspecified error, related to disabled mxe.int.enableosauth property. A remote attacker can bypass authentication process and gain unauthorized access to the application.
MitigationThe vendor recommends the following workaround:
Before proceeding, ensure that security is configured
for all object structures. After the following change is implemented,
no access is permitted except through explicitly defined security.
1. Go to the System Properties application and locate the property mxe.int.enableosauth.
2. Set the value for that property to 1 and save.
3. Live refresh the property value.
IBM Maximo Asset Management: 7.6.1.1 - 7.6.1.3
External linkshttp://www.ibm.com/support/pages/node/6621599
http://exchange.xforce.ibmcloud.com/vulnerabilities/236311
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.