CVE-2020-4529

HIGH

IBM Maximo Asset Management 7.6.0 and 7.6.1 - Authenticated Server-Side Request Forgery

Title source: llm
STIX 2.1

Description

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713.

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6220528
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/182713

Scores

CVSS v3 7.4
EPSS 0.0082
EPSS Percentile 52.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Details

CWE
CWE-918
Status published
Products (2)
ibm/maximo_asset_management 7.6.0.0
ibm/maximo_asset_management 7.6.1.0
Published Jun 08, 2020
Tracked Since Feb 18, 2026