CVE-2015-4967

SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21966181	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:::::::*
	cpe:2.3:a:ibm:maximo_for_government:7.1:::::::*
	cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:::::::*
	cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:::::::*
	cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:::::::*
	cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:::::::*
	cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:::::::*
	cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:::::::*
	cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:::::::*
	cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:::::::*
	cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:::::::*
	cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:::::::*
	cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:::::::*
	cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:::::::*
	cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:::::::*
	cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:::::::*
	cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:::::::*
	cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.1:::::::*
	cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:::::::*
	cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:::::::*
	cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:::::::*
	cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.6:::::::*
	cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:::::::*
	cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:::::::*
	cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:::::::*
	cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:::::::*
	cpe:2.3:a:ibm:maximo_for_utilities:7.1:::::::*
	cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:::::::*
	cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:::::::*
	cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:::::::*
	cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:::::::*
	cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:::::::*
	cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:::::::*
	cpe:2.3:a:ibm:smartcloud_control_desk:7.5:::::::*
	cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:::::::*
	cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:::::::*
	cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.6:::::::*
	cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:::::::*
	cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.6:::::::*
	cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:::::::*
	cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.6:::::::*
	cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:::::::*
	cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:::::::*
	cpe:2.3:a:ibm:maximo_for_government:7.5.0.6:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:::::::*
	cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:::::::*
	cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:::::::*
	cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:::::::*
cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:::::::*
cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:::::::*
cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:::::::*
cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:::::::*
cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:::::::*
cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:::::::*
cpe:2.3:a:ibm:maximo_asset_management:7.1.1:::::::*
cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:::::::*
cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:::::::*
cpe:2.3:a:ibm:maximo_for_transportation:7.1:::::::*
cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:::::::*
cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:::::::*
cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:::::::*
cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.6:::::::*
cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:::::::*
cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:::::::*
cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:::::::*

Information

Published : 2015-10-05 18:59

Updated : 2015-10-06 16:54

NVD link : CVE-2015-4967

Mitre link : CVE-2015-4967

JSON object : View

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Products Affected

ibm

maximo_for_life_sciences
change_and_configuration_management_database
tivoli_asset_management_for_it
maximo_for_nuclear_power
maximo_asset_management_essentials
maximo_asset_management
maximo_for_government
smartcloud_control_desk
maximo_for_energy_optimization
maximo_for_utilities
maximo_for_oil_and_gas
tivoli_service_request_manager
maximo_for_transportation

6.5 /10