CVE-2017-1357

MEDIUM

IBM Maximo Asset Mgmt <7.6 - Privilege Escalation

Title source: llm
STIX 2.1

Description

IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100214
VDB Entry, Vendor Advisory x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/126684
Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg22006647

Scores

CVSS v3 4.3
EPSS 0.0091
EPSS Percentile 55.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-20
Status published
Products (40)
IBM/Maximo Asset Management 7.5
IBM/Maximo Asset Management 7.6
ibm/maximo_asset_management 7.5.0.0
ibm/maximo_asset_management 7.5.0.1
ibm/maximo_asset_management 7.5.0.2
ibm/maximo_asset_management 7.5.0.3
ibm/maximo_asset_management 7.5.0.4
ibm/maximo_asset_management 7.5.0.5
ibm/maximo_asset_management 7.5.0.6
ibm/maximo_asset_management 7.5.0.7
... and 30 more
Published Aug 09, 2017
Tracked Since Feb 18, 2026