Vulnerability Description
SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Change And Configuration Management Database | 7.1.1.7 |
| Ibm | Maximo Service Desk | 7.1.1.7 |
| Ibm | Tivoli Asset Management For It | 7.0 |
| Ibm | Tivoli It Asset Management For It | 7.1.1.7 |
| Ibm | Tivoli Service Request Manager | 7.0 |
| Ibm | Smartcloud Control Desk | 7.0 |
| Ibm | Maximo Asset Management | 7.5.0.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871
- http://www-01.ibm.com/support/docview.wss?uid=swg21670870Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85793
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871
- http://www-01.ibm.com/support/docview.wss?uid=swg21670870Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85793
FAQ
What is CVE-2013-4016?
CVE-2013-4016 is a vulnerability with a CVSS score of 6.5 (MEDIUM). SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027,...
How severe is CVE-2013-4016?
CVE-2013-4016 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4016?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Change And Configuration Management Database, Ibm Maximo Service Desk, Ibm Tivoli Asset Management For It, Ibm Tivoli It Asset Management For It, Ibm Tivoli Service Request Manager.