{"containers": {"cna": {"affected": [{"product": "Maximo Asset Management", "vendor": "IBM", "versions": [{"status": "affected", "version": "7.6"}]}], "datePublic": "2019-06-03T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/UI:N/S:U/C:H/AC:L/PR:L/I:N/AV:N/RC:C/E:U/RL:O", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Obtain Information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-06T00:35:18", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880145"}, {"name": "ibm-maximo-cve20182028-info-disc (155554)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155554"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-06-03T00:00:00", "ID": "CVE-2018-2028", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Maximo Asset Management", "version": {"version_data": [{"version_value": "7.6"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554."}]}, "impact": {"cvssv3": {"BM": {"A": "N", "AC": "L", "AV": "N", "C": "H", "I": "N", "PR": "L", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Obtain Information"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880145", "refsource": "CONFIRM", "title": "IBM Security Bulletin 880145 (Maximo Asset Management)", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880145"}, {"name": "ibm-maximo-cve20182028-info-disc (155554)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155554"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-2028", "datePublished": "2019-06-03T00:00:00", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2019-06-06T00:35:18", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*", "matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*", "matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554."}, {"lang": "es", "value": "IBM Maximo Asset Management versi\u00f3n 7.6 podr\u00eda permitir que un usuario autenticado sustituya una p\u00e1gina de destino por un sitio de phishing, lo que permitir\u00eda al atacante obtener informaci\u00f3n muy confidencial. ID de IBM X-Force: 155554."}], "id": "CVE-2018-2028", "lastModified": "2023-03-03T19:34:16.687", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-06T01:29:00.227", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155554"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880145"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}