CVE-2019-4446

IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490.

Published: Apr 17, 2020
Updated: Nov 9, 2025
CVE: CVE-2019-4446
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS v2:

Severity: Medium
Score: 5.5
AV:N/AC:L/Au:S/C:P/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
ibm / maximo_for_life_sciences	7.6	7.6.x
ibm / maximo_for_transportation	7.6.2.3	7.6.2.3.x
ibm / maximo_for_transportation	7.6.2.4	7.6.2.4.x
ibm / control_desk	7.6.1	7.6.1.x
ibm / maximo_asset_management	7.6.1.1	7.6.1.1.x
ibm / maximo_for_oil_and_gas	7.6.1	7.6.1.x
ibm / maximo_asset_management	7.6.1	7.6.1.x
ibm / control_desk	7.6.1.1	7.6.1.1.x
ibm / maximo_for_aviation	7.6.8	7.6.8.x
ibm / maximo_for_aviation	7.6.7	7.6.7.x
ibm / maximo_for_aviation	7.6.6	7.6.6.x
ibm / maximo_for_utilities	7.6.0.2	7.6.0.2.x
ibm / maximo_for_utilities	7.6.0.1	7.6.0.1.x
ibm / maximo_for_transportation	7.6.2.5	7.6.2.5.x
ibm / maximo_for_nuclear_power	7.6.1	7.6.1.x
ibm / maximo_for_service_providers	7.6.3.3	7.6.3.3.x
ibm / maximo_for_service_providers	7.6.3.2	7.6.3.2.x
ibm / maximo_for_service_providers	7.6.3.1	7.6.3.1.x
ibm / maximo_linear_asset_manager	7.6.0.3	7.6.0.3.x
ibm / maximo_linear_asset_manager	7.6.0.2	7.6.0.2.x
ibm / maximo_linear_asset_manager	7.6.0.1	7.6.0.1.x
ibm / maximo_enterprise_adapter	7.6	7.6.x
ibm / maximo_enterprise_adapter	7.6.1	7.6.1.x
ibm / maximo_calibration	7.6	7.6.x
ibm / maximo_asset_management_scheduler_plus	7.6.7.3	7.6.7.3.x
ibm / maximo_asset_management_scheduler_plus	7.6.7.1	7.6.7.1.x
ibm / maximo_asset_management_scheduler_plus	7.6.7	7.6.7.x
ibm / maximo_asset_management_scheduler	7.6.7.3	7.6.7.3.x
ibm / maximo_asset_management_scheduler	7.6.7.1	7.6.7.1.x
ibm / maximo_asset_management_scheduler	7.6.7	7.6.7.x
ibm / maximo_asset_configuration_manager	7.6.7.1	7.6.7.1.x
ibm / maximo_asset_configuration_manager	7.6.7	7.6.7.x
ibm / maximo_asset_configuration_manager	7.6.6	7.6.6.x
ibm / maximo_network_on_blockchain	7.6.0.1	7.6.0.1.x
ibm / maximo_network_on_blockchain	7.6.0.0	7.6.0.0.x
ibm / maximo_asset_health_insights	7.6.1	7.6.1.x
ibm / maximo_asset_health_insights	7.6.1.1	7.6.1.1.x
ibm / maximo_asset_management	7.6.0	7.6.0.x
ibm / tivoli_integration_composer	7.6	7.6.x

Vulnerability Database

309,540

CVE-2019-4446

Deep Security Visibility Without the Complexity