Vulnerability CVE-2019-4364


Published: 2019-06-19

Description:
IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680.

Type:

CWE-74

Vendor: IBM
Product: Maximo for aviation 
Version:
7.6.3
7.6.2.1
7.6.2
7.6.1
7.6
Product: Maximo for transportation 
Version:
7.6.2.4
7.6.2.3
7.6.2.2
7.6.2.1
7.6.2
7.6.1
Product: Control desk 
Version: 7.6.0.1; 7.6.0;
Product: Maximo for nuclear power 
Version: 7.6.0;
Product: Maximo for oil and gas 
Version: 7.6.0;
Product: Maximo for utilities 
Version: 7.6;
Product: Maximo asset management 
Version: 7.6;
Product: Maximo for life sciences 
Version: 7.6;
Product: Tivoli integration composer 
Product: Smartcloud control desk 

CVSS2 => (AV:N/AC:M/Au:S/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
8.5/10
10/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.securityfocus.com/bid/108910
https://exchange.xforce.ibmcloud.com/vulnerabilities/161680
https://www.ibm.com/support/docview.wss?uid=ibm10887557

Related CVE
CVE-2019-4211
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste...
CVE-2019-4054
IBM QRadar SIEM 7.2 and 7.3 could allow a local user to obtain sensitive information when exporting content that could aid an attacker in further attacks against the system. IBM X-Force ID: 156563.
CVE-2018-2022
IBM QRadar SIEM 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 155346.
CVE-2018-2021
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste...
CVE-2019-4263
IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. IBM X-Force ID: 160015.
CVE-2019-4193
IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-force...
CVE-2019-4131
IBM Application Performance Management (IBM Monitoring 8.1.4) could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names. IBM X-Force ID: 158270.
CVE-2019-4118
IBM Multicloud Manager 3.1.0, 3.1.1, and 3.1.2 ibm-mcm-chart could allow a local attacker with admin privileges to obtain highly sensitive information upon deployment. IBM X-Force ID: 158144.

Copyright 2019, cxsecurity.com

 

Back to Top