CVE-2019-4650

6.3MEDIUM

Key Information

Vendor: IBM
Status: Maximo Asset Management
Vendor: CVE Published:; 26 June 2020

Badges

👾 Exploit Exists🔴 Public PoC

Summary

IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170961.

Affected Version(s)

Maximo Asset Management = 7.6.1.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Maximo_Sql_Injection-CVE-2019-4650
Created by aneeshanilkumar89

Refferences

https://www.ibm.com/support/pages/node/6223922

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/170961

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

🔴
Public PoC available
Sep 26, 2024
👾
Exploit known to exist
Sep 26, 2024
Vulnerability published
Jun 26, 2020
Vulnerability Reserved
Jan 3, 2019

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)