Vulnerability Description
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538.
CVSS Score
5.5
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Maximo Asset Management | 7.5 |
Related Weaknesses (CWE)
References
- http://www.ibm.com/support/docview.wss?uid=swg22006650Vendor Advisory
- http://www.securityfocus.com/bid/100697Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/126538Third Party AdvisoryVDB Entry
- http://www.ibm.com/support/docview.wss?uid=swg22006650Vendor Advisory
- http://www.securityfocus.com/bid/100697Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/126538Third Party AdvisoryVDB Entry
FAQ
What is CVE-2017-1352?
CVE-2017-1352 is a vulnerability with a CVSS score of 5.5 (MEDIUM). IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 1...
How severe is CVE-2017-1352?
CVE-2017-1352 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-1352?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Maximo Asset Management.