SQL Injection Flaw in IBM Maximo Asset Management and Other Products
CVE-2013-4016

Currently unrated

Key Information:

Vendor: IBM
Status: Change And Configuration Management Database; Maximo Service Desk; Tivoli Service Request Manager; Tivoli It Asset Management For It
Vendor: CVE Published:; 26 May 2014

Summary

A SQL injection vulnerability is present in various versions of IBM Maximo Asset Management, allowing remote authenticated users to execute arbitrary SQL commands. This occurs through maliciously crafted Birt report queries with plain text WHERE clauses, potentially leading to unauthorized data access and manipulation.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21670870

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/85793

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
May 26, 2014
Vulnerability Reserved
Jun 7, 2013