What is the vulnerability ID of this vulnerability?

The vulnerability ID of this vulnerability is CVE-2019-4056.

What is the severity of CVE-2019-4056?

The severity of CVE-2019-4056 is medium.

Which IBM products are affected by CVE-2019-4056?

IBM Control Desk, IBM Maximo Asset Management, IBM Maximo For Aviation, IBM Maximo For Life Sciences, IBM Maximo For Nuclear Power, IBM Maximo For Oil And Gas, IBM Maximo For Transportation, IBM Maximo For Utilities, IBM SmartCloud Control Desk, and IBM Tivoli Integration Composer are affected by CVE-2019-4056.

How does CVE-2019-4056 affect IBM Maximo Asset Management 7.6 Work Centers' application?

CVE-2019-4056 allows attackers to upload malicious files to IBM Maximo Asset Management 7.6 Work Centers' application.

Is there a fix available for CVE-2019-4056?

Yes, IBM has provided a fix for CVE-2019-4056. Please refer to the IBM support page for more information.

Vulnerability/
CVE-2019-4056

medium

4.3

CWE

434

6/6/2019

9/12/2022

CVE-2019-4056: Malicious File Upload

First published: Thu Jun 06 2019(Updated: )

IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Control Desk	=7.6.0
IBM Control Desk	=7.6.0.1
IBM Maximo Asset Management	=7.6
Ibm Maximo For Aviation	=7.6
Ibm Maximo For Aviation	=7.6.1
Ibm Maximo For Aviation	=7.6.2
Ibm Maximo For Aviation	=7.6.2.1
Ibm Maximo For Aviation	=7.6.3
Ibm Maximo For Life Sciences	=7.6
Ibm Maximo For Nuclear Power	=7.6.0
Ibm Maximo For Oil And Gas	=7.6.0
Ibm Maximo For Transportation	=7.6.1
Ibm Maximo For Transportation	=7.6.2
Ibm Maximo For Transportation	=7.6.2.1
Ibm Maximo For Transportation	=7.6.2.2
Ibm Maximo For Transportation	=7.6.2.3
Ibm Maximo For Transportation	=7.6.2.4
Ibm Maximo For Utilities	=7.6
IBM SmartCloud Control Desk
IBM Maximo Asset Management

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2019-4056.
What is the severity of CVE-2019-4056?
The severity of CVE-2019-4056 is medium.
Which IBM products are affected by CVE-2019-4056?
IBM Control Desk, IBM Maximo Asset Management, IBM Maximo For Aviation, IBM Maximo For Life Sciences, IBM Maximo For Nuclear Power, IBM Maximo For Oil And Gas, IBM Maximo For Transportation, IBM Maximo For Utilities, IBM SmartCloud Control Desk, and IBM Tivoli Integration Composer are affected by CVE-2019-4056.
How does CVE-2019-4056 affect IBM Maximo Asset Management 7.6 Work Centers' application?
CVE-2019-4056 allows attackers to upload malicious files to IBM Maximo Asset Management 7.6 Work Centers' application.
Is there a fix available for CVE-2019-4056?
Yes, IBM has provided a fix for CVE-2019-4056. Please refer to the IBM support page for more information.

collector/nvd-index
vendor/ibm
canonical/ibm control desk
version/ibm control desk/7.6.0
version/ibm control desk/7.6.0.1
canonical/ibm maximo asset management
version/ibm maximo asset management/7.6
canonical/ibm maximo for aviation
version/ibm maximo for aviation/7.6
version/ibm maximo for aviation/7.6.1
version/ibm maximo for aviation/7.6.2
version/ibm maximo for aviation/7.6.2.1
version/ibm maximo for aviation/7.6.3
canonical/ibm maximo for life sciences
version/ibm maximo for life sciences/7.6
canonical/ibm maximo for nuclear power
version/ibm maximo for nuclear power/7.6.0
canonical/ibm maximo for oil and gas
version/ibm maximo for oil and gas/7.6.0
canonical/ibm maximo for transportation
version/ibm maximo for transportation/7.6.1
version/ibm maximo for transportation/7.6.2
version/ibm maximo for transportation/7.6.2.1
version/ibm maximo for transportation/7.6.2.2
version/ibm maximo for transportation/7.6.2.3
version/ibm maximo for transportation/7.6.2.4
canonical/ibm maximo for utilities
version/ibm maximo for utilities/7.6
canonical/ibm smartcloud control desk