CVE-2013-4016

CWE-89SQL Injection3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.3%
top 45.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
IBM Change AND Configuration Management DatabaseIBM Maximo Asset ManagementIBM Maximo Service Desk+4 more
Timeline
PublishedMay 26
Latest updateMay 17

Description

SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages7 packages

NVDibm/maximo_asset_management15 versions+14
NVDibm/tivoli_it_asset_management7.1.1.11, 7.1.1.12, 7.1.1.7+2
NVDibm/maximo_service_desk7.1.1.11, 7.1.1.12, 7.1.1.7+2

🔴Vulnerability Details

2
GHSA
GHSA-vf4v-jx55-rc4w: SQL injection vulnerability in IBM Maximo Asset Management 72022-05-17
CVEList
CVE-2013-4016: SQL injection vulnerability in IBM Maximo Asset Management 72014-05-26
CVE-2013-4016 (MEDIUM CVSS 6.5) | SQL injection vulnerability in IBM | cvebase.io