Description
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg22006650
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100697
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/126538
Scores
CVSS v3
5.5
EPSS
0.0080
EPSS Percentile
52.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Details
CWE
CWE-77
Status
published
Products (4)
IBM/Maximo Asset Management
7.5
IBM/Maximo Asset Management
7.6
ibm/maximo_asset_management
7.5
ibm/maximo_asset_management
7.6
Published
Sep 12, 2017
Tracked Since
Feb 18, 2026