SQL Injection in IBM Maximo Asset Management Products
CVE-2012-0747

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Asset Management For It; Maximo Asset Management; Smartcloud Control Desk; Change And Configuration Management Database
Vendor: CVE Published:; 10 September 2012

What is CVE-2012-0747?

An SQL injection vulnerability exists in IBM Maximo Asset Management versions 6.2 through 7.5, affecting associated applications like SmartCloud Control Desk and Tivoli Service Request Manager. This security flaw allows remote authenticated users to execute arbitrary SQL commands, potentially compromising database integrity and leading to unauthorized access or data manipulation. It is crucial for users of these products to implement appropriate security measures and monitor for any unusual activity to mitigate the risks associated with this vulnerability.

References

http://osvdb.org/85186

vdb-entryx_refsource_OSVDB

http://www-01.ibm.com/support/docview.wss?uid=swg1IV16032

vendor-advisoryx_refsource_AIXAPAR

http://secunia.com/advisories/50551

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 10, 2012
Vulnerability Reserved
Jan 17, 2012