Prophaze WAF Blog

IBM Maximo Anywhere root detection hack - Cloud WAF

Written by Rajaneesh | Oct 10, 2019 5:23:41 PM
Overview :
IBM Maximo Anywhere does not have device root detection which could result in an attacker gaining sensitive information about the device.
Affected Product(s) :
  •  Affected IBM Maximo Anywhere Affected Versions
  • IBM Maximo Anywhere 7.6.2
  • IBM Maximo Anywhere 7.6.3
  • IBM Maximo Anywhere 7.6.1
  • IBM Maximo Anywhere 7.6.0
Vulnerability Details :
CVE ID : CVE-2019-4265
IBM Maximo Anywhere does not have device root detection would could result in an attacker gaining sensitive information about the device.
CVSS Base Score: 2.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/160198 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Remediation / Fixes :

Product
VRMF
Remediation / First Fix
IBM Maximo Anywhere 7.6.0.0 Request LA Fix from Support.
IBM Maximo Anywhere 7.6.1.0 Request LA Fix from Support.
IBM Maximo Anywhere 7.6.2.x Request LA Fix from Support.
IBM Maximo Anywhere 7.6.3.x Request LA Fix from Support.