#VU67577 Improper Authentication in IBM Maximo Asset Management - CVE-2022-40616

 


Published: September 22, 2022


Vulnerability identifier: #VU67577
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-40616
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
IBM Maximo Asset Management
Software vendor:
IBM Corporation

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to an unspecified error related to the mxe.int.enableosauth property being disabled. A remote attacker can bypass the authentication process and gain unauthorized access to the application.


Remediation

The vendor recommends the following workaround:

Before proceeding, ensure that security is configured for all object structures. After the following change is implemented, no access is permitted except through explicitly defined security.
1. Go to the System Properties application and locate the property mxe.int.enableosauth.
2. Set the value for that property to 1 and save.
3. Live refresh the property value.


External links