IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not have an off autocomplete attribute for the password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
No CVSS v3.1
No CVSS v3.0
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None
AV:L/AC:L/Au:N/C:P/I:N/A:N
Vendors | Products |
---|---|
Ibm |
|
Configuration 1 [-]
|
References
Link | Resource |
---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg21965080 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: ibm
Published: 2015-10-04T01:00:00
Updated: 2015-10-04T02:57:01
Reserved: 2015-02-19T00:00:00
Link: CVE-2015-1933
JSON object: View
NVD Information
Status : Analyzed
Published: 2015-10-04T02:59:00.097
Modified: 2015-10-05T17:55:34.870
Link: CVE-2015-1933
JSON object: View
Redhat Information
No data.
CWE