CVE-2012-0747: SQL Injection
First published: Mon Sep 10 2012(Updated: )
SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Tivoli Change and Configuration Management Database | =6.0 | |
| IBM Tivoli Change and Configuration Management Database | =7.0 | |
| IBM Maximo Asset Management | =6.2.0.0 | |
| IBM Maximo Asset Management | =7.1.0.0 | |
| IBM Maximo Asset Management | =7.5.0.0 | |
| IBM Maximo Service Desk | =6.2 | |
| IBM Control Desk | =7.0 | |
| IBM Tivoli IT Asset Management for IT | =6.0 | |
| IBM Tivoli IT Asset Management for IT | =6.2 | |
| IBM Tivoli IT Asset Management for IT | =7.0 | |
| IBM Tivoli IT Asset Management for IT | =7.1 | |
| IBM Tivoli IT Asset Management for IT | =7.2 | |
| IBM Tivoli Service Request Manager | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-0747?
CVE-2012-0747 has a medium severity rating, which allows for SQL injection by authenticated users in various IBM applications.
How do I fix CVE-2012-0747?
To fix CVE-2012-0747, upgrade to the latest patched version of the affected IBM software.
Which versions of IBM software are affected by CVE-2012-0747?
CVE-2012-0747 affects IBM Maximo Asset Management versions 6.2 through 7.5 and several Tivoli products.
Can CVE-2012-0747 be exploited remotely?
Yes, CVE-2012-0747 can be exploited remotely by authenticated users through SQL injection.
What impact does CVE-2012-0747 have on users?
CVE-2012-0747 can allow authenticated users to execute arbitrary SQL commands, possibly leading to data exposure or corruption.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm tivoli change and configuration management database
- version/ibm tivoli change and configuration management database/6.0
- version/ibm tivoli change and configuration management database/7.0
- canonical/ibm maximo asset management
- version/ibm maximo asset management/6.2.0.0
- version/ibm maximo asset management/7.1.0.0
- version/ibm maximo asset management/7.5.0.0
- canonical/ibm maximo service desk
- version/ibm maximo service desk/6.2
- canonical/ibm control desk
- version/ibm control desk/7.0
- canonical/ibm tivoli it asset management for it
- version/ibm tivoli it asset management for it/6.0
- version/ibm tivoli it asset management for it/6.2
- version/ibm tivoli it asset management for it/7.0
- version/ibm tivoli it asset management for it/7.1
- version/ibm tivoli it asset management for it/7.2
- canonical/ibm tivoli service request manager
- version/ibm tivoli service request manager/7.0