SQL Injection Vulnerability in IBM Maximo Asset Management Products
CVE-2015-4967

Currently unrated

Key Information:

Vendor: IBM
Status: Maximo Asset Management; Maximo For Nuclear Power; Maximo For Utilities; Maximo For Life Sciences
Vendor: CVE Published:; 6 October 2015

Summary

An SQL injection vulnerability exists in IBM Maximo Asset Management versions 7.1 through 7.1.1.13, and certain versions of 7.5 and 7.6. This flaw allows remote authenticated users to execute arbitrary SQL commands, potentially compromising the integrity of the underlying database. Affected versions include Maximo Asset Management 7.5.x prior to IFIX004 and 7.6.x before IFIX002, especially in deployments related to SmartCloud Control Desk and Tivoli IT Asset Management products. Proper security measures and timely updates are crucial to mitigate risk.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21966181

x_refsource_CONFIRM

Timeline

Vulnerability published
Oct 6, 2015
Vulnerability Reserved
Jun 24, 2015