Skip to main content

Maximo Asset Management CVE-2017-1175

CRITICAL
SQL Injection (CWE-89)
2017-07-05 psirt@us.ibm.com
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 05, 2017 - 17:29 cve.org
CRITICAL 9.8

DescriptionCVE.org

IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123297.

AnalysisAI

IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123297. Affected products include: Ibm Maximo Asset Management.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2015-0104 HIGH POC
8.8 Apr 24

IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database

CVE-2020-4463 HIGH POC
8.2 Jul 29

IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when proc

CVE-2015-0107 MEDIUM POC
6.5 Apr 24

IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database

CVE-2021-20509 CRITICAL
9.8 Aug 12

IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. Rated critical severity (CVSS 9.

CVE-2020-4493 CRITICAL
9.8 Oct 05

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a

CVE-2016-9984 HIGH
8.8 Jun 13

IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the

CVE-2016-9977 HIGH
8.8 Jun 07

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the fa

CVE-2016-9976 HIGH
8.4 May 03

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. Rated high sever

CVE-2020-4521 HIGH
8.8 Sep 15

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the

CVE-2018-1699 HIGH
8.8 Aug 24

IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulne

CVE-2018-1524 HIGH
8.8 Aug 03

IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could

CVE-2018-1414 HIGH
8.8 Feb 22

IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerabili

Share

CVE-2017-1175 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy