8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
52.7%
IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to CSV injection.
CVEID:CVE-2022-35281
**DESCRIPTION:**IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to CSV injection.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/230635 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Maximo Asset Management | 7.6.1.1 |
IBM Maximo Asset Management | 7.6.1.2 |
IBM Maximo Asset Management | 7.6.1.3 |
IBM Maximo Application Suite - Manage Component | 8.3 |
IBM Maximo Application Suite - Manage Component | 8.4 |
The recommended solution is to download the appropriate Interim Fix or Fix Pack from Fix Central (What is Fix Central?) and apply for each affected product as soon as possible. Please see below for information on the fixes available for each product, version, and release. Follow the installation instructions in the βreadmeβ documentation provided with each fix pack or interim fix.
For Maximo Asset Management 7.6:
VRM | Fix Pack, Feature Pack, or Interim Fix | Download |
---|---|---|
7.6.1.1 | Maximo Asset Management 7.6.1.1 iFix: | |
7.6.1.1-TIV-MBS-IF023 or latest Interim Fix available | FixCentral | |
7.6.1.2 |
Maximo Asset Management 7.6.1.2 iFix:
7.6.1.2-TIV-MBS-IF028 or latest Interim Fix available
|
7.6.1.3 |
Maximo Asset Management 7.6.1.3 iFix:
7.6.1.3-TIV-MBS-IF003 or latest Interim Fix available
|
For IBM Maximo Manage application in IBM Maximo Application Suite:
MAS | Manage Patch Fix or Release |
---|---|
8.7 | 8.3.4 or latest (available from the Catalog under Update Available) |
8.8 | 8.4.1 or latest (available from the Catalog under Update Available) |
None
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
52.7%