CVE-2015-7448

CWE-89SQL Injection3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.1%
top 68.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
IBM Change AND Configuration Management DatabaseIBM Maximo Asset ManagementIBM Maximo Asset Management Essentials+10 more
Timeline
PublishedMar 12
Latest updateMay 17

Description

SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages7 packages

NVDibm/maximo_asset_management27 versions+26
NVDibm/tivoli_asset_management8 versions+7
NVDibm/maximo13 versions+12

🔴Vulnerability Details

2
GHSA
GHSA-4283-cqg2-3qrc: SQL injection vulnerability in IBM Maximo Asset Management 72022-05-17
CVEList
CVE-2015-7448: SQL injection vulnerability in IBM Maximo Asset Management 72016-03-12
CVE-2015-7448 (MEDIUM CVSS 5.4) | SQL injection vulnerability in IBM | cvebase.io