CVE-2020-4529Server-Side Request Forgery in IBM Maximo Asset Management

CWE-918Server-Side Request Forgery3 documents3 sources
Severity
7.4HIGHNVD
EPSS
0.1%
top 70.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Maximo Asset Management
Timeline
PublishedJun 8
Latest updateMay 24

Description

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:LExploitability: 3.1 | Impact: 3.7

Affected Packages2 packages

CVEListV5ibm/maximo_asset_management7.6.0, 7.6.1+1
NVDibm/maximo_asset_management7.6.0.0, 7.6.1.0+1

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-hv56-92rx-69gm: IBM Maximo Asset Management 72022-05-24
CVEList
CVE-2020-4529: IBM Maximo Asset Management 72020-06-08
CVE-2020-4529 — Server-Side Request Forgery in IBM | cvebase