CVE-2017-1357

CWE-20 — Improper Input Validation4 documents4 sources

Severity

4.3MEDIUM

EPSS

0.2%

top 55.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Maximo Asset Management IBM Maximo Asset Management Essentials

Timeline

PublishedAug 9

Latest updateMay 17

Description

IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5ibm/maximo_asset_management7.5, 7.6+1

▶NVDibm/maximo_asset_management19 versions+18

▶NVDibm/maximo_asset_management_essentials19 versions+18

🔴Vulnerability Details

GHSA

GHSA-hq5w-xh8r-j586: IBM Maximo Asset Management 7↗2022-05-17

▶

CVEList

CVE-2017-1357: IBM Maximo Asset Management 7↗2017-08-09

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Edge Chakra: JIT - 'OP_Memset' Type Confusion↗2017-11-16

▶