CVE-2022-35281

MEDIUM

IBM Maximo <8.4 - Code Injection

Title source: llm

Description

IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335.

References (2)

[Vendor Advisory] https://www.ibm.com/support/pages/node/6852669

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/230635

Scores

CVSS v3 5.5

EPSS 0.0072

EPSS Percentile 72.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1236

Status published

Products (5)

ibm/maximo_application_suite 8.3

ibm/maximo_application_suite 8.4

ibm/maximo_asset_management 7.6.1.1

ibm/maximo_asset_management 7.6.1.2

ibm/maximo_asset_management 7.6.1.3

Published Jan 09, 2023

Tracked Since Feb 18, 2026