The Scheduler in IBM Maximo Asset Management 7.5 before 188.8.131.52 IF6 and 7.6 before 184.108.40.206 FP1 and Maximo Asset Management 7.5 before 220.127.116.11 IF6, 7.5.1, and 7.6 before 18.104.22.168 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors.
The vulnerability affects Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions (including Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), and SmartCloud Control Desk.
Affected Products and Versions
1. Maximo Asset Management 7.6, 7.5
2. Maximo Asset Management Essentials 7.5
3. Maximo for Government 7.5
4. Maximo for Nuclear Power 7.5
5. Maximo for Transportation 7.5
6. Maximo for Life Sciences 7.6, 7.5
7. Maximo for Oil and Gas 7.5
8. Maximo for Utilities 7.5
9. SmartCloud Control Desk 7.6, 7.5
Read more here for remediation and fixes: IBM Scheduler Vulnerability