SQL Injection Vulnerability in IBM Maximo Asset Management Products
CVE-2015-4967

Currently unrated

Key Information:

Summary

An SQL injection vulnerability exists in IBM Maximo Asset Management versions 7.1 through 7.1.1.13, and certain versions of 7.5 and 7.6. This flaw allows remote authenticated users to execute arbitrary SQL commands, potentially compromising the integrity of the underlying database. Affected versions include Maximo Asset Management 7.5.x prior to IFIX004 and 7.6.x before IFIX002, especially in deployments related to SmartCloud Control Desk and Tivoli IT Asset Management products. Proper security measures and timely updates are crucial to mitigate risk.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.