CVE-2022-35281

Published Jan 9, 2023

Last updated a year ago

CVSS high 8.8

Overview

Description: IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335.
Source: psirt@us.ibm.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

psirt@us.ibm.com: CWE-1236

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:maximo_application_suite:8.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6EC549A8-8A0A-4849-884F-5B470BB41F14"
          },
          {
            "criteria": "cpe:2.3:a:ibm:maximo_application_suite:8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F41112B7-EF72-42A6-883C-889B39DAE47C"
          },
          {
            "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C5CE3F4-8ABE-4245-BD9E-8697B3E0171C"
          },
          {
            "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F9DA22B-5DD7-4551-AC7A-61949D246F5D"
          },
          {
            "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0279056-1BD2-4CD6-86BA-DDAA6AB53C6F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References