| Vulnerability Name: | CVE-2017-1352 (CCN-126538) |
| Assigned: | 2016-11-30 |
| Published: | 2017-09-06 |
| Updated: | 2017-09-21 |
| Summary: | IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538. |
| CVSS v3 Severity: | 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C) |
| CVSS v2 Severity: | 6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P) |
| Vulnerability Type: | CWE-77 |
| Vulnerability Consequences: | Gain Privileges |
| References: | Source: MITRE Type: CNA CVE-2017-1352
Source: CCN Type: IBM Security Bulletin 2006650 (Maximo Asset Management) IBM Maximo Asset Management could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file (CVE-2017-1352)
Source: CONFIRM Type: Vendor Advisory http://www.ibm.com/support/docview.wss?uid=swg22006650
Source: BID Type: Third Party Advisory, VDB Entry 100697
Source: CCN Type: BID-100697 IBM Maximo Asset Management CVE-2017-1352 Remote Command Injection Vulnerability
Source: MISC Type: Third Party Advisory, VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/126538
Source: XF Type: UNKNOWN ibm-maximo-cve20171352-command-injection(126538) |
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable |