
V-161: IBM Maximo Asset Management Products Java Multiple Vulnerabilities

May 22, 2013 - 12:46am


PROBLEM:

IBM Maximo Asset Management Products Java Multiple Vulnerabilities

PLATFORM:

IBM Maximo Asset Management 6.x
IBM Maximo Asset Management 7.x
IBM Maximo Asset Management Essentials 7.x

ABSTRACT:

Asset and Service Mgmt Products - Potential security exposure when using Java™-based applications due to vulnerabilities in Java Software Developer Kits.

REFERENCE LINKS:

IBM Reference #: 1638135
Secunia Advisory SA53451

CVE-2013-0401 CVE-2013-2433 CVE-2013-2434
CVE-2013-0402 CVE-2013-1488 CVE-2013-1491
CVE-2013-1518 CVE-2013-1537 CVE-2013-1540
CVE-2013-1557 CVE-2013-1558 CVE-2013-1561
CVE-2013-1563 CVE-2013-1564 CVE-2013-1569
CVE-2013-2383 CVE-2013-2384 CVE-2013-2394
CVE-2013-2414 CVE-2013-2415 CVE-2013-2416
CVE-2013-2417 CVE-2013-2418 CVE-2013-2419
CVE-2013-2420 CVE-2013-2421 CVE-2013-2422
CVE-2013-2423 CVE-2013-2424 CVE-2013-2425
CVE-2013-2426 CVE-2013-2427 CVE-2013-2428
CVE-2013-2429 CVE-2013-2430 CVE-2013-2431
CVE-2013-2432

IMPACT ASSESSMENT:

High

DISCUSSION:

IBM has acknowledged multiple vulnerabilities in IBM Maximo Asset Management products. Malicious local users can exploit them to disclose certain sensitive information and gain escalated privileges. Malicious people can exploit them to disclose certain sensitive information, manipulate certain data, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a vulnerable system.

The application bundles a vulnerable version of the Java Runtime Environment.

IMPACT:

Security Bypass
Manipulation of data
Exposure of sensitive information
Privilege escalation
DoS
System access

SOLUTION:

Update to a fixed version.
