What is the severity of CVE-2013-3973?

CVE-2013-3973 is considered a medium to high severity vulnerability due to the potential for remote authenticated users to execute arbitrary SQL commands.

How do I fix CVE-2013-3973?

To fix CVE-2013-3973, upgrade IBM Maximo Asset Management to version 7.1.1.12 or 7.5.0.5 or later.

Who is affected by CVE-2013-3973?

CVE-2013-3973 affects IBM Maximo Asset Management versions 7.1 and 7.5 prior to specified updates.

What type of vulnerability is CVE-2013-3973?

CVE-2013-3973 is an SQL injection vulnerability allowing unauthorized SQL command execution.

Can CVE-2013-3973 be exploited remotely?

Yes, CVE-2013-3973 can be exploited by remote authenticated users to execute SQL commands.

Vulnerability/
CVE-2013-3973

medium

6.5

CWE

1/10/2013

29/8/2017

CVE-2013-3973: SQL Injection

First published: Tue Oct 01 2013(Updated: )

SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Maximo Asset Management	=7.5.0.0
IBM Maximo Asset Management	=7.5.0.1
IBM Maximo Asset Management	=7.5.0.2
IBM Maximo Asset Management	=7.5.0.3
IBM Maximo Asset Management	=7.5.0.4
IBM Maximo Asset Management	=7.1
IBM Maximo Asset Management	=7.1.1
IBM Maximo Asset Management	=7.1.1.1
IBM Maximo Asset Management	=7.1.1.2
IBM Maximo Asset Management	=7.1.1.5
IBM Maximo Asset Management	=7.1.1.6
IBM Maximo Asset Management	=7.1.1.7
IBM Maximo Asset Management	=7.1.1.8
IBM Maximo Asset Management	=7.1.1.9
IBM Maximo Asset Management	=7.1.1.10
IBM Maximo Asset Management	=7.1.1.11

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-3973?
CVE-2013-3973 is considered a medium to high severity vulnerability due to the potential for remote authenticated users to execute arbitrary SQL commands.
How do I fix CVE-2013-3973?
To fix CVE-2013-3973, upgrade IBM Maximo Asset Management to version 7.1.1.12 or 7.5.0.5 or later.
Who is affected by CVE-2013-3973?
CVE-2013-3973 affects IBM Maximo Asset Management versions 7.1 and 7.5 prior to specified updates.
What type of vulnerability is CVE-2013-3973?
CVE-2013-3973 is an SQL injection vulnerability allowing unauthorized SQL command execution.
Can CVE-2013-3973 be exploited remotely?
Yes, CVE-2013-3973 can be exploited by remote authenticated users to execute SQL commands.

agent/type
agent/event
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
agent/tags
agent/weakness
agent/references
agent/author
agent/description
agent/severity
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm maximo asset management
version/ibm maximo asset management/7.5.0.0
version/ibm maximo asset management/7.5.0.1
version/ibm maximo asset management/7.5.0.2
version/ibm maximo asset management/7.5.0.3
version/ibm maximo asset management/7.5.0.4
version/ibm maximo asset management/7.1
version/ibm maximo asset management/7.1.1
version/ibm maximo asset management/7.1.1.1
version/ibm maximo asset management/7.1.1.2
version/ibm maximo asset management/7.1.1.5
version/ibm maximo asset management/7.1.1.6
version/ibm maximo asset management/7.1.1.7
version/ibm maximo asset management/7.1.1.8
version/ibm maximo asset management/7.1.1.9
version/ibm maximo asset management/7.1.1.10
version/ibm maximo asset management/7.1.1.11