Code injection

2015-10-0601:59:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

34.4%

JSON

maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to obtain sensitive information by reading a (1) backup or (2) debug application file.

CPENameOperatorVersion
change_and_configuration_management_databaseeq7.1
change_and_configuration_management_databaseeq7.2
maximo_asset_managementeq7.5.0.8
maximo_asset_managementeq7.1.1.13
maximo_asset_managementeq7.5.0.5
maximo_asset_managementeq7.1.1.5
maximo_asset_managementeq7.1.1.7
maximo_asset_managementeq7.1.1.10
maximo_asset_managementeq7.1.1.8
maximo_asset_managementeq7.5.0.4

Name	Operator	Version
change_and_configuration_management_database	eq	7.1
change_and_configuration_management_database	eq	7.2
maximo_asset_management	eq	7.5.0.8
maximo_asset_management	eq	7.1.1.13
maximo_asset_management	eq	7.5.0.5
maximo_asset_management	eq	7.1.1.5
maximo_asset_management	eq	7.1.1.7
maximo_asset_management	eq	7.1.1.10
maximo_asset_management	eq	7.1.1.8
maximo_asset_management	eq	7.5.0.4