SQL Injection Vulnerability in IBM Maximo Asset Management Products
CVE-2015-4967
Currently unrated
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 6 October 2015
Summary
An SQL injection vulnerability exists in IBM Maximo Asset Management versions 7.1 through 7.1.1.13, and certain versions of 7.5 and 7.6. This flaw allows remote authenticated users to execute arbitrary SQL commands, potentially compromising the integrity of the underlying database. Affected versions include Maximo Asset Management 7.5.x prior to IFIX004 and 7.6.x before IFIX002, especially in deployments related to SmartCloud Control Desk and Tivoli IT Asset Management products. Proper security measures and timely updates are crucial to mitigate risk.
References
Timeline
Vulnerability published
Vulnerability Reserved