SQL Injection Vulnerability in IBM Maximo Asset Management by IBM
CVE-2012-0728

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Asset Management For It; Smartcloud Control Desk; Change And Configuration Management Database; Maximo Asset Management
Vendor: CVE Published:; 10 September 2012

Summary

An SQL injection vulnerability exists in IBM Maximo Asset Management versions 7.1 through 7.5. This security flaw can be exploited by remote authenticated users, allowing them to execute arbitrary SQL commands through unspecified input vectors. The affected products include not only IBM Maximo Asset Management but also its associated applications such as SmartCloud Control Desk and Tivoli Service Request Manager. This exposes sensitive data and poses a significant threat to the integrity and confidentiality of the systems involved.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/74307

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg1IV17964

vendor-advisoryx_refsource_AIXAPAR

http://secunia.com/advisories/50551

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Sep 10, 2012
Vulnerability Reserved
Jan 17, 2012