CVE-2015-4967 : SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0

SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Published 2015-10-06 01:59:13

Updated 2015-10-06 23:54:46

Source IBM Corporation

View at NVD, CVE.org

Vulnerability category: Sql Injection

Exploit prediction scoring system (EPSS) score for CVE-2015-4967

Probability of exploitation activity in the next 30 days: 0.10%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 41 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-4967

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2015-4967

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-4967

http://www-01.ibm.com/support/docview.wss?uid=swg21966181

IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to SQL injection (CVE-2015-4967)
Patch;Vendor Advisory

Products affected by CVE-2015-4967

IBM » Maximo Asset Management » Version: 7.1
cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*
Matching versions
IBM » Maximo Asset Management » Version: 7.5.0.0
cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Maximo Asset Management » Version: 7.1.1
cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*
Matching versions
IBM » Maximo Asset Management » Version: 7.1.1.1
cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*
Matching versions
IBM » Maximo Asset Management » Version: 7.1.1.10
cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*
Matching versions
IBM » Maximo Asset Management » Version: 7.1.1.11
cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*
Matching versions
IBM » Maximo Asset Management » Version: 7.1.1.6
cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*
Matching versions
IBM » Maximo Asset Management » Version: 7.1.1.7
cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*
Matching versions
IBM » Maximo Asset Management » Version: 7.1.1.2
cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*
Matching versions
IBM » Maximo Asset Management » Version: 7.1.1.5
cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*
Matching versions
IBM » Maximo Asset Management » Version: 7.1.1.8
cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*
Matching versions
IBM » Maximo Asset Management » Version: 7.1.1.9
cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*
Matching versions
IBM » Maximo Asset Management » Version: 7.5.0.1
cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Maximo Asset Management » Version: 7.5.0.2
cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Maximo Asset Management » Version: 7.5.0.3
cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Maximo Asset Management » Version: 7.5.0.4
cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*
Matching versions
IBM » Maximo Asset Management » Version: 7.1.1.12
cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*
Matching versions
IBM » Maximo Asset Management » Version: 7.5.0.5
cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*
Matching versions
IBM » Maximo Asset Management » Version: 7.5.0.6
cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*
Matching versions
IBM » Maximo Asset Management » Version: 7.1.1.13
cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*
Matching versions
IBM » Maximo Asset Management » Version: 7.5.0.8
cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*
Matching versions
IBM » Maximo Asset Management » Version: 7.5.0.7
cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*
Matching versions
IBM » Maximo Asset Management » Version: 7.6.0.0
cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Maximo Asset Management Essentials » Version: 7.1
cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*
Matching versions
IBM » Maximo Asset Management Essentials » Version: 7.5
cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*
Matching versions
IBM » Tivoli Asset Management For It » Version: 7.1
cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*
Matching versions
IBM » Tivoli Asset Management For It » Version: 7.2
cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*
Matching versions
IBM » Smartcloud Control Desk » Version: 7.5
cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*
Matching versions
IBM » Tivoli Service Request Manager » Version: 7.1.0
cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*
Matching versions
IBM » Tivoli Service Request Manager » Version: 7.2.0.0
cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Change And Configuration Management Database » Version: 7.1
cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*
Matching versions
IBM » Change And Configuration Management Database » Version: 7.2
cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Government » Version: 7.5.0.3
cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Government » Version: 7.5.0.4
cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Government » Version: 7.1
cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Government » Version: 7.5.0.0
cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Government » Version: 7.5.0.5
cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Government » Version: 7.5.0.1
cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Government » Version: 7.5.0.2
cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Government » Version: 7.5.0.6
cpe:2.3:a:ibm:maximo_for_government:7.5.0.6:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Nuclear Power » Version: 7.5.0.5
cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Nuclear Power » Version: 7.5.0.0
cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Nuclear Power » Version: 7.5.0.1
cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Nuclear Power » Version: 7.1
cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Nuclear Power » Version: 7.5.0.2
cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Nuclear Power » Version: 7.5.0.3
cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Nuclear Power » Version: 7.5.0.4
cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Nuclear Power » Version: 7.5.0.6
cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.6:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Transportation » Version: 7.1
cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Transportation » Version: 7.5.0.0
cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Transportation » Version: 7.5.0.1
cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Transportation » Version: 7.5.0.2
cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Transportation » Version: 7.5.0.3
cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Transportation » Version: 7.5.0.4
cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Transportation » Version: 7.5.0.5
cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Transportation » Version: 7.5.0.6
cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.6:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Life Sciences » Version: 7.1
cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Life Sciences » Version: 7.5.0.0
cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Life Sciences » Version: 7.5.0.1
cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Life Sciences » Version: 7.5.0.2
cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Life Sciences » Version: 7.5.0.3
cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Life Sciences » Version: 7.5.0.4
cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Life Sciences » Version: 7.5.0.5
cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Life Sciences » Version: 7.5.0.6
cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.6:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Oil And Gas » Version: 7.5.0.0
cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Oil And Gas » Version: 7.5.0.1
cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Oil And Gas » Version: 7.5.0.2
cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Oil And Gas » Version: 7.5.0.3
cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Oil And Gas » Version: 7.5.0.4
cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Oil And Gas » Version: 7.5.0.5
cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Oil And Gas » Version: 7.1
cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Oil And Gas » Version: 7.5.0.6
cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.6:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Utilities » Version: 7.5.0.2
cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Utilities » Version: 7.5.0.3
cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Utilities » Version: 7.5.0.4
cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Utilities » Version: 7.5.0.5
cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Utilities » Version: 7.1
cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Utilities » Version: 7.5.0.0
cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Utilities » Version: 7.5.0.1
cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Utilities » Version: 7.5.0.6
cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.6:*:*:*:*:*:*:*
Matching versions
IBM » Maximo For Energy Optimization » Version: 7.1
cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2015-4967

Exploit prediction scoring system (EPSS) score for CVE-2015-4967

CVSS scores for CVE-2015-4967

CWE ids for CVE-2015-4967

References for CVE-2015-4967

Products affected by CVE-2015-4967