Information disclosure in Ibm Change_and_configuration_management_database

CVE-2015-4965

maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7…

Vulnerability class: Information Disclosure

EPSS: 0.001 (34.7th percentile) — read the EPSS interpretation.

Affected products

Ibm Change_and_configuration_management_database — versions 7.1, 7.2
Ibm Maximo_asset_management — versions 7.1, 7.1.1, 7.1.1.1
Ibm Maximo_asset_management_essentials — versions 7.1, 7.5
Ibm Maximo_for_energy_optimization — versions 7.1
Ibm Maximo_for_government — versions 7.1, 7.5.0.0, 7.5.0.1
Ibm Maximo_for_life_sciences — versions 7.1, 7.5.0.0, 7.5.0.1
Ibm Maximo_for_nuclear_power — versions 7.1, 7.5.0.0, 7.5.0.1
Ibm Maximo_for_oil_and_gas — versions 7.1, 7.5.0.0, 7.5.0.1
Ibm Maximo_for_transportation — versions 7.1, 7.5.0.0, 7.5.0.1
Ibm Maximo_for_utilities — versions 7.1, 7.5.0.0, 7.5.0.1

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)