1. Home
  2. CVE Database
  3. CVE-2015-7448
MEDIUM · 5.4

CVE-2015-7448

SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7...

Vulnerability Description

SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVSS Score

5.4

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
IbmChange And Configuration Management Database7.1
IbmMaximo Asset Management7.1
IbmMaximo Asset Management Essentials7.1
IbmMaximo For Energy Optimization7.1
IbmMaximo For Government7.1
IbmMaximo For Life Sciences7.1
IbmMaximo For Nuclear Power7.1
IbmMaximo For Oil And Gas7.1
IbmMaximo For Transportation7.1
IbmMaximo For Utilities7.1
IbmSmartcloud Control Desk7.5
IbmTivoli Asset Management For It7.1
IbmTivoli Service Request Manager7.1.0

Related Weaknesses (CWE)

CWE-89

References

FAQ

What is CVE-2015-7448?

CVE-2015-7448 is a vulnerability with a CVSS score of 5.4 (MEDIUM). SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7...

How severe is CVE-2015-7448?

CVE-2015-7448 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-7448?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Change And Configuration Management Database, Ibm Maximo Asset Management, Ibm Maximo Asset Management Essentials, Ibm Maximo For Energy Optimization, Ibm Maximo For Government.