Multiple IBM Products CVE-2016-8987 Access Bypass Vulnerability

Multiple IBM Products are prone to an access-bypass vulnerability.

Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.

Information

Bugtraq ID: 97369
Class: Access Validation Error
CVE: CVE-2016-8987

Remote: Yes
Local: No
Published: Apr 03 2017 12:00AM
Credit: The vendor reported this issue.
Vulnerable: IBM Tivoli Service Request Manager -
IBM Tivoli Integration Composer 0
IBM Tivoli Change And Configuration Management Database 0
IBM Tivoli Asset Management for IT 0
IBM SmartCloud Control Desk 0
IBM Maximo for Utilities 0
IBM Maximo for Transportation 0
IBM Maximo for Oil and Gas 0
IBM Maximo for Nuclear Power 0
IBM Maximo for Life Sciences 0
IBM Maximo for Aviation 0
IBM Maximo Asset Management 7.6
IBM Maximo Asset Management 7.5
IBM Maximo Asset Management 7.1
IBM Control Desk 0

Not Vulnerable:

References:

• IBM Homepage (IBM)
  
• swg21996255: IBM Maximo Asset Management could allow an authenticated user to vi (IBM)
  

Source: www.securityfocus.com