PatchSiren cyber security CVE debrief
CVE-2016-5896 IBM CVE debrief
CVE-2016-5896 is an information disclosure issue in IBM Maximo Asset Management and related Maximo industry solutions. According to the CVE record, a failed login attempt in the Cognos browser could trigger a stack trace that reveals sensitive information. NVD rates the issue as medium severity (CVSS 5.3) with network attack vector and no privileges or user interaction required.
- Vendor: IBM
- Product: CVE-2016-5896
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-01
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-01
- Advisory updated: 2026-05-13
Who should care
Administrators and security teams responsible for IBM Maximo Asset Management 7.6 and the listed Maximo industry solutions, especially environments exposing the Cognos browser login flow.
Technical summary
The vulnerability is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The NVD vector is CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating a remotely reachable issue that can disclose limited sensitive information without requiring authentication. The affected CPEs in the record include IBM Maximo Asset Management 7.6 and IBM Maximo for Aviation, Life Sciences, Nuclear Power, Oil and Gas, and Transportation, all at 7.6. The described failure condition is an incorrect login submitted through the Cognos browser, which can cause a stack trace to be shown.
Defensive priority
Medium
Recommended defensive actions
- Review the IBM support advisory for the vendor-recommended fix or patch guidance.
- Restrict exposure of the Cognos login interface and monitor for repeated failed login attempts.
- Validate that error handling in the affected deployment does not disclose stack traces or other internal details to unauthenticated users.
- If you operate any of the listed Maximo 7.6 products, prioritize testing and applying the vendor remediation referenced by IBM.
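One way to carry out the error-handling validation in the list above, as an added example (not IBM's code and not part of the source record): it classifies captured failed-login response bodies by whether they expose a Java stack trace. It assumes traces appear in standard JVM format; the function name, the sample bodies and the `com.example` class names are constructed for illustration.

```python
import html
import re

# Assumption: the deployment is Java-based, so a leaked trace uses JVM frame syntax.
FRAME_RE = re.compile(
    r"^\s*at\s+(?P<cls>(?:[\w$]+\.)+[\w$]+)\.(?P<method>[\w$<>]+)"
    r"\((?:[\w$]+\.java(?::\d+)?|Native Method|Unknown Source)\)",
    re.M,
)
# Fully qualified exception names, e.g. java.sql.SQLException.
EXC_RE = re.compile(r"\b(?:[a-z_][\w$]*\.)+[A-Z][\w$]*(?:Exception|Error)\b")


def check_error_body(body: str) -> dict:
    """Classify a response body as 'trace', 'exception-name' or 'clean'."""
    # Error pages often render traces with <br> breaks and HTML entities,
    # so normalise markup before matching: breaks, then tags, then entities.
    text = re.sub(r"<br\s*/?>", "\n", body, flags=re.I)
    text = html.unescape(re.sub(r"<[^>]+>", " ", text))
    classes = [m.group("cls") for m in FRAME_RE.finditer(text)]
    exceptions = sorted(set(EXC_RE.findall(text)))
    if classes:
        verdict = "trace"            # internal class names and line numbers exposed
    elif exceptions:
        verdict = "exception-name"   # no frames, but an internal type still leaks
    else:
        verdict = "clean"
    return {"verdict": verdict, "frames": len(classes),
            "classes": sorted(set(classes)), "exceptions": exceptions}


# Constructed sample bodies (not captured from any real product).
LEAKY = (
    "<html><body><h1>Error</h1>"
    "javax.security.auth.login.FailedLoginException: bad credentials<br>"
    "&nbsp;&nbsp;at com.example.report.LoginServlet.doPost(LoginServlet.java:118)<br/>"
    "&nbsp;&nbsp;at com.example.report.Session.&lt;init&gt;(Session.java:40)<br>"
    "Caused by: java.sql.SQLException: connection refused<br>"
    "&nbsp;&nbsp;at com.example.db.Pool.get(Pool.java:77)</body></html>"
)
NAME_ONLY = "<p>Login failed: javax.security.auth.login.FailedLoginException</p>"
CLEAN = "<html><body><p>The user name or password is incorrect.</p></body></html>"

if __name__ == "__main__":
    for name, body in [("LEAKY", LEAKY), ("NAME_ONLY", NAME_ONLY), ("CLEAN", CLEAN)]:
        print(name, check_error_body(body))
```

Run it against response bodies saved from a test instance you administer, before and after applying the vendor remediation; the `exception-name` verdict flags pages that dropped the frames but still name internal types.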
Evidence notes
This debrief is based on the supplied NVD CVE record and its referenced official/vendor links. The source description states that IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting an incorrect login onto the Cognos browser. NVD assigns CVSS 5.3 and CWE-200. The affected products listed in the record are IBM Maximo Asset Management 7.6 and several Maximo industry solutions at 7.6. The IBM advisory link is the primary vendor remediation reference in the source corpus. Publication context used here is the CVE publishedAt date of 2017-02-01; the 2026-05-13 modifiedAt value is treated only as a later record update, not the issue date.
Official resources
- CVE-2016-5896 CVE record (CVE.org)
- CVE-2016-5896 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Patch, Vendor Advisory
- Mitigation or vendor reference: [email protected] - Third Party Advisory, VDB Entry
Published by NVD on 2017-02-01 and later modified on 2026-05-13. The vulnerability concerns sensitive-information disclosure through a stack trace after an incorrect Cognos browser login in IBM Maximo.