CVE-2017-1352Command Injection in IBM Maximo Asset Management

CWE-77Command Injection3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.3%
top 44.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Maximo Asset Management
Timeline
PublishedSep 12
Latest updateMay 17

Description

IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:LExploitability: 2.1 | Impact: 3.4

Affected Packages2 packages

CVEListV5ibm/maximo_asset_management7.5, 7.6+1

🔴Vulnerability Details

2
GHSA
GHSA-gv2c-v9gm-w42j: IBM Maximo Asset Management 72022-05-17
CVEList
CVE-2017-1352: IBM Maximo Asset Management 72017-09-12
CVE-2017-1352 — Command Injection in IBM | cvebase