IBM Maximo and Websphere security issues

IBM Maximo and Websphere security issues

IBM had published their security threats list on their Maximo newsletter a few days ago. As it is stated in this article, Websphere has potentialy weaker security then expected, with a possibility that a remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to the admin console.

IBM advises all users to subscribe to their System z Security Portal and to review the CVSS scores and apply all security or integrity fixes as soon as possible to minimize any potential risk.

As far as Maximo goes, Websphere is shipped with Maximo as a component. Refer to the table below for the specific details about affected products.

Principal Product and Version(s) Affected Supporting Product and Version
Maximo Asset Management 7.6
IBM Control Desk 7.6
Maximo for Aviation 7.6
Maximo for Life Sciences 7.6
Maximo for Transportation 7.6
IBM WebSphere Application Server 8.0.0.13
IBM WebSphere Application Server 8.5.5.11
IBM WebSphere Application Server 8.5.5.10
IBM WebSphere Application Server 8.5.5.9
Maximo Asset Management 7.5
Maximo Asset Management Essentials 7.5
Maximo for Government 7.5
Maximo for Nuclear Power 7.5
Maximo for Transportation 7.5
Maximo for Life Sciences 7.5
Maximo for Oil and Gas 7.5
Maximo for Utilities 7.5
Maximo Adapter for Primavera 7.5
IBM Control Desk 7.5
TRIRIGA Energy Optimization 1.1
IBM WebSphere Application Server 8.0.0.13
IBM WebSphere Application Server 8.5.5.11
IBM WebSphere Application Server 8.5.5.10
IBM WebSphere Application Server 8.5.5.9

Table source

IBM has provided fixes for Maximo 7.6 and 7.5. You can download them here:
Maximo 7.6
Maximo 7.5

Leave a reply

Your email address will not be published. Required fields are marked*