CVE-2019-4364 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Severity

85%

Complexity

68%

Confidentiality

165%

IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 161680.

CVSS 3.0 Base Score 8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 8.5. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:S/C:C/I:C/A:C).

Overview

Type

IBM

First reported 5 years ago

2019-06-19 14:15:00

Last updated 5 years ago

2019-06-27 13:15:00

Affected Software

IBM Maximo Asset Management 7.6

7.6

IBM Control Desk 7.6.0

7.6.0

IBM Control Desk 7.6.0.1

7.6.0.1

IBM Maximo for Aviation 7.6.1

7.6.1

IBM Maximo for Aviation 7.6.2

7.6.2

IBM Maximo For Aviation 7.6.2.1

7.6.2.1

IBM Maximo for Aviation 7.6.3

7.6.3

IBM Maximo for Life Sciences 7.6

7.6

IBM Maximo for Nuclear Power 7.6.0

7.6.0

IBM Maximo for Oil and Gas 7.6.0

7.6.0

IBM Maximo for Transportation 7.6.1

7.6.1

IBM Maximo for Transportation 7.6.2

7.6.2

IBM Maximo For Transportation 7.6.2.1

7.6.2.1

IBM Maximo For Transportation 7.6.2.2

7.6.2.2

IBM Maximo For Transportation 7.6.2.3

7.6.2.3

IBM Maximo For Transportation 7.6.2.4

7.6.2.4

IBM SmartCloud Control Desk
