CVE-2019-4364

CWE-12365 documents4 sources

Severity

8.0HIGH

EPSS

1.5%

top 19.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Maximo Asset Management IBM Control Desk IBM Maximo FOR Aviation +5 more

Timeline

PublishedJun 19

Latest updateMay 24

Description

IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5ibm/maximo_asset_management7.6

▶NVDibm/maximo_asset_management7.6

▶NVDibm/maximo9 versions+8

▶NVDibm/control_desk7.6.0, 7.6.0.1+1

🔴Vulnerability Details

GHSA

GHSA-r86q-856p-4q9q: IBM Maximo Asset Management 7↗2022-05-24

▶

CVEList

CVE-2019-4364: IBM Maximo Asset Management 7↗2019-06-19

▶

💬Community

Bugzilla

Mojarra: Path traversal in ResourceManager.java:getResourceLibraryContracts() via the con parameter↗2020-02-20

▶