A vulnerability in the WebSphere Portals functionality of IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 140223.

CVE-2019-6226 An issue has been identified with the WebSphere Portal in IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2. When rendering an error message, it may be possible for an attacker to determine the specific data field that is being returned, which could be used in further attacks against the system. IBM X-Force ID: 140138.

CVE-2019-6223 An issue has been identified with the WebSphere Portal in IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2. When rendering an error message, it may be possible for an attacker to determine the specific data field that is being returned, which could be used in further attacks against the system. IBM X-Force ID: 139934.

CVE-2019-6212 An issue has been identified with the WebSphere Portal in IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2. When rendering an error message, it may be possible for an attacker to determine the specific data

Authentication, Authorization and Network Security (AuthNet)

A vulnerability has been identified in the WebSphere Portals functionality of IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 that could allow a remote attacker to access an unauthorized account, which could lead to further attacks against the system.

How do I find out if my system is affected?

If your system is running WebSphere Portals and was delivered with one of these updates, it may be vulnerable.
Step 1: Check the release notes for your system to see if you are vulnerable to CVE-2019-6212.
Step 2: If you are not running that update, then check the release notes for your system to see if you are vulnerable to any other vulnerabilities.
Step 3: If you are not running either update, then manually scan your system for known vulnerabilities with a vulnerability scanner. You can find a list of compatible scanners here.

Timeline

Published on: 09/14/2022 17:15:00 UTC
Last modified on: 09/17/2022 02:03:00 UTC
