Lucene search

IbmCVELIST:CVE-2022-35281

HistoryJan 06, 2023 - 4:50 p.m.

CVE-2022-35281 IBM Maximo Application Suite command injection

2023-01-0616:50:24

CWE-1236

ibm

www.cve.org

ibm

maximo

application suite

csv injection

5.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

8.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.7%

JSON

IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Maximo Asset Management",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "7.6.1.1, 7.6.1.2, 7.6.1.3"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Maximo Manage",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "8.3, 8.4"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/230635

www.ibm.com/support/pages/node/6852669