CVE-2017-1352: Command Injection
First published: Tue Sep 12 2017(Updated: )
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Maximo Asset Management | =7.5 | |
| IBM Maximo Asset Management | =7.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-1352?
CVE-2017-1352 is rated as medium severity due to the potential for command injection by authenticated users.
How do I fix CVE-2017-1352?
To fix CVE-2017-1352, update IBM Maximo Asset Management to the latest version that addresses the vulnerability.
Who is affected by CVE-2017-1352?
CVE-2017-1352 affects users of IBM Maximo Asset Management versions 7.5 and 7.6.
What impact can CVE-2017-1352 have on systems?
CVE-2017-1352 allows an authenticated user to inject and execute commands through work orders.
Is CVE-2017-1352 specific to IBM Maximo Asset Management?
Yes, CVE-2017-1352 specifically impacts IBM Maximo Asset Management software versions 7.5 and 7.6.
- agent/type
- agent/softwarecombine
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm maximo asset management
- version/ibm maximo asset management/7.5
- version/ibm maximo asset management/7.6