U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

An SSRF flaw in Maximo Asset Management could be used to target corporate networks

IBM recently fixed a high-severity issue in its Maximo asset management solution that could facilitate attacks on corporate networks. IBM recently addressed a high-severity issue, tracked as CVE-2020-4529, in its Maximo asset management solution that could facilitate attacks on making lateral movements within corporate networks. Maximo is designed to assist an organisation in managing its assets […]

IBM API Connect

IBM recently fixed a high-severity issue in its Maximo asset management solution that could facilitate attacks on corporate networks.

IBM recently addressed a high-severity issue, tracked as CVE-2020-4529, in its Maximo asset management solution that could facilitate attacks on making lateral movements within corporate networks.

Maximo is designed to assist an organisation in managing its assets

The vulnerability is a server side request forgery (SSRF) issue that has been reported to IBM by Andrey Medov and Arseniy Sharoglazov of Positive Technologies.

The CVE-2020-4529 could allow an authenticated attacker to send unauthorized requests from a system, potentially leading to other attacks, such as network enumeration,

“IBM Maximo Asset Management is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.” reads the security advisory.

The vulnerability impacts Maximo Asset Management 7.6.0 and 7.6.1., the IT giant already released an update to address the issue along with workarounds and mitigations.

The flaw also affects solutions developed for specific industries, including Aviation, Life Sciences, Oil and Gas, Nuclear Power, Transportation, and for Utilities.

Researchers who discovered the issue explained that an attack can be launched from a warehouse worker’s workstation, which may easy tohack for a threat actor.

“IBM Maximo Asset Management software is used at major critical facilities. Any vulnerabilities in it could attract APT groups interested in access to the internal network. One example of a low-privileged attacker is a warehouse worker, who remotely connects to the system and enters items into a database. A threat could also come from the warehouse worker’s workstation itself, if infected by a virus.Arseny Sharoglazov explained.

“IBM Maximo web interfaces are usually accessible from all of a company’s warehouses, which could be located in multiple regions or countries. So if our ‘warehouse worker’ or equivalent connects through a properly configured VPN, that person’s access within the corporate network is restricted to what they need— from that particular system and email, for example. But the vulnerability we found allows bypassing this restriction and interacting with other systems, on which an attacker could try for remote code execution (RCE) and potentially access all systems, blueprints, documents, accounting information, and ICS process networks. Sometimes employees connect to IBM Maximo directly over the Internet with weak passwords and no VPN, making an attack easier to perform.”

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Maximo)

[adrotate banner=”5″]

[adrotate banner=”13″]