SQL Injection in Ibm Change_and_configuration_management_database
CVE-2015-4967
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for Smar…
Vulnerability class: SQL Injection
EPSS: 0.003 (51.3th percentile) — read the EPSS interpretation.
Affected products
- Ibm Change_and_configuration_management_database — versions 7.1, 7.2
- Ibm Maximo_asset_management — versions 7.1, 7.1.1, 7.1.1.1
- Ibm Maximo_asset_management_essentials — versions 7.1, 7.5
- Ibm Maximo_for_energy_optimization — versions 7.1
- Ibm Maximo_for_government — versions 7.1, 7.5.0.0, 7.5.0.1
- Ibm Maximo_for_life_sciences — versions 7.1, 7.5.0.0, 7.5.0.1
- Ibm Maximo_for_nuclear_power — versions 7.1, 7.5.0.0, 7.5.0.1
- Ibm Maximo_for_oil_and_gas — versions 7.1, 7.5.0.0, 7.5.0.1
- Ibm Maximo_for_transportation — versions 7.1, 7.5.0.0, 7.5.0.1
- Ibm Maximo_for_utilities — versions 7.1, 7.5.0.0, 7.5.0.1
Weakness classification (CWE)
References
- psirt@us.ibm.com (x_refsource_CONFIRM, Patch, Vendor Advisory)