The Scheduler in IBM Maximo Asset Management 7.5 before 220.127.116.11 IF6 and 7.6 before 18.104.22.168 FP1 and Maximo Asset Management 7.5 before 22.214.171.124 IF6, 7.5.1, and 7.6 before 126.96.36.199 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors.
The vulnerability affects Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions (including Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), and SmartCloud Control Desk.
Affected Products and Versions
1. Maximo Asset Management 7.6, 7.5
2. Maximo Asset Management Essentials 7.5
3. Maximo for Government 7.5
4. Maximo for Nuclear Power 7.5
5. Maximo for Transportation 7.5
6. Maximo for Life Sciences 7.6, 7.5
7. Maximo for Oil and Gas 7.5
8. Maximo for Utilities 7.5
9. SmartCloud Control Desk 7.6, 7.5
Read more here for remediation and fixes: IBM Scheduler Vulnerability