Web Application Firewall

IBM Maximo Anywhere root detection hack

Overview :

IBM Maximo Anywhere does not have device root detection which could result in an attacker gaining sensitive information about the device.

Affected Product(s) :

Affected IBM Maximo Anywhere Affected Versions
IBM Maximo Anywhere 7.6.2
IBM Maximo Anywhere 7.6.3
IBM Maximo Anywhere 7.6.1
IBM Maximo Anywhere 7.6.0

Vulnerability Details :

CVE ID :	CVE-2019-4265
	IBM Maximo Anywhere does not have device root detection would could result in an attacker gaining sensitive information about the device. CVSS Base Score: 2.4 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/160198 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Remediation / Fixes :

Product	VRMF	Remediation / First Fix
IBM Maximo Anywhere	7.6.0.0	Request LA Fix from Support.
IBM Maximo Anywhere	7.6.1.0	Request LA Fix from Support.
IBM Maximo Anywhere	7.6.2.x	Request LA Fix from Support.
IBM Maximo Anywhere	7.6.3.x	Request LA Fix from Support.

The Dawn Of Cyber Challenges In Healthcare Security | Prophaze

CVE-2023-6975 : MLFLOW PRIOR 2.9.2 PATH TRAVERSAL

CVE-2023-47093 : STORMSHIELD NETWORK SECURITY UP TO 4.3.21/4.6.8/4.7.0 ASQ ENGINE DENIAL OF SERVICE

zzcms 2018 template_user.php ml/title code injection

August 26, 2021 No Comments

A vulnerability was found in zzcms 2018 (Content Management System) and classified as critical. This issue affects an unknown function

ZyXEL VPN2S 1.12 Web Server path traversal

September 29, 2021 No Comments

A vulnerability classified as problematic was found in ZyXEL VPN2S 1.12. Affected by this vulnerability is an unknown part of

Zyxel VPN2S 1.12 CGI Program os command injection

September 29, 2021 No Comments

A vulnerability has been found in Zyxel VPN2S 1.12 and classified as critical. This vulnerability affects some unknown processing of

Zyxel USG/USG Flex/Zywall/ATP/VPN up to 4.64 Web-based Management Interface improper authentication

July 2, 2021 No Comments

A vulnerability was found in Zyxel USG, USG Flex, Zywall, ATP and VPN up to 4.64 (Firewall Software). It has

ZyXEL GS1900-8 2.60 LLDP Packet cross site scripting

July 26, 2021 No Comments

A vulnerability was found in ZyXEL GS1900-8 2.60. It has been classified as problematic. This affects an unknown code of

Zynamics BinDiff up to 6 i64 File use after free

June 30, 2021 No Comments

A vulnerability, which was classified as critical, has been found in Zynamics BinDiff up to 6. This issue affects an

CVE-2024-48889 : FORTINET FORTIMANAGER UP TO 6.4.14/7.0.12/7.2.7/7.4.4/7.6.0 FGFM REQUEST OS COMMAND INJECTION

December 19, 2024 No Comments

Description An Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability [CWE-78] in FortiManager version

CVE-2023-34990 : FORTINET FORTIWLM UP TO 8.5.4/8.6.5 WEB REQUEST PATH TRAVERSAL

December 19, 2024 No Comments

Description A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute

CVE-2024-47104 : IBM I 7.4/7.5 PHYSICAL FILE SECURITY ATTRIBUTES PERMISSION ASSIGNMENT

December 19, 2024 No Comments

Description IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A

IBM Maximo Anywhere root detection hack

Remediation / Fixes :

Recent Posts

The Dawn Of Cyber Challenges In Healthcare Security | Prophaze

CVE-2023-6975 : MLFLOW PRIOR 2.9.2 PATH TRAVERSAL

CVE-2023-47093 : STORMSHIELD NETWORK SECURITY UP TO 4.3.21/4.6.8/4.7.0 ASQ ENGINE DENIAL OF SERVICE

Follow Us

zzcms 2018 template_user.php ml/title code injection

ZyXEL VPN2S 1.12 Web Server path traversal

Zyxel VPN2S 1.12 CGI Program os command injection

Zyxel USG/USG Flex/Zywall/ATP/VPN up to 4.64 Web-based Management Interface improper authentication

ZyXEL GS1900-8 2.60 LLDP Packet cross site scripting

Zynamics BinDiff up to 6 i64 File use after free

Web Application Firewall Solution

CVE-2024-48889 : FORTINET FORTIMANAGER UP TO 6.4.14/7.0.12/7.2.7/7.4.4/7.6.0 FGFM REQUEST OS COMMAND INJECTION

CVE-2023-34990 : FORTINET FORTIWLM UP TO 8.5.4/8.6.5 WEB REQUEST PATH TRAVERSAL

CVE-2024-47104 : IBM I 7.4/7.5 PHYSICAL FILE SECURITY ATTRIBUTES PERMISSION ASSIGNMENT