CVE-2022-35281

CWE-12363 documents3 sources
Severity
8.8HIGH
EPSS
0.7%
top 27.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Maximo Asset ManagementIBM Maximo ManageIBM Maximo Application Suite
Timeline
PublishedJan 9

Description

IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:LExploitability: 2.1 | Impact: 3.4

Affected Packages4 packages

CVEListV5ibm/maximo_asset_management7.6.1.1, 7.6.1.2, 7.6.1.3
NVDibm/maximo_asset_management7.6.1.1, 7.6.1.2, 7.6.1.3+2
CVEListV5ibm/maximo_manage8.3, 8.4

🔴Vulnerability Details

2
GHSA
GHSA-rj5f-wj63-xvgc: IBM Maximo Asset Management 72023-01-09
CVEList
IBM Maximo Application Suite command injection2023-01-06
CVE-2022-35281 (HIGH CVSS 8.8) | IBM Maximo Asset Management 7.6.1.1 | cvebase.io