- Description
- IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538.
- Source
- psirt@us.ibm.com
- NVD status
- Modified
CVSS 3.0
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.4
- Exploitability score
- 2.1
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 6
- Impact score
- 6.4
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:P/I:P/A:P
- nvd@nist.gov
- CWE-77
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9"
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242"
}
],
"operator": "OR"
}
]
}
]