RCE in Ibm Maximo Asset Management
CVE-2017-1352
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538.
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.003 (56.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L.
Affected products
- Ibm Maximo Asset Management — versions 7.5, 7.6
- Ibm Maximo_asset_management — versions 7.5, 7.6
Weakness classification (CWE)
References
- psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
- psirt@us.ibm.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
- psirt@us.ibm.com (VDB Entry, Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2017-1352?
- CVE-2017-1352 is a medium-severity vulnerability in Ibm Maximo Asset Management, classified under Command Injection. CVSS score: 5.5/10. Published 2017-09-12.
- How severe is CVE-2017-1352?
- Medium severity. CVSS v3 base score is 5.5 out of 10.