CVE-2019-4650: SQL Injection
First published: Thu Jun 04 2020(Updated: )
IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170961.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Maximo Asset Management | =7.6.1.1 | |
| <=7.6.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-4650?
The severity of CVE-2019-4650 is medium with a score of 6.3.
What is affected by CVE-2019-4650?
IBM Maximo Asset Management version 7.6.1.1 is affected by CVE-2019-4650.
What is the vulnerability description of CVE-2019-4650?
CVE-2019-4650 is a SQL injection vulnerability in IBM Maximo Asset Management 7.6.1.1, which allows remote attackers to view, add, modify, or delete information in the back-end database.
How can an attacker exploit CVE-2019-4650?
An attacker can exploit CVE-2019-4650 by sending specially-crafted SQL statements to the vulnerable IBM Maximo Asset Management instance.
How can I mitigate the vulnerability in IBM Maximo Asset Management 7.6.1.1?
To mitigate the vulnerability in IBM Maximo Asset Management 7.6.1.1, apply the necessary security patches provided by IBM and follow their recommended best practices for secure configuration.
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/author
- agent/severity
- agent/description
- agent/softwarecombine
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- vendor/ibm
- canonical/ibm maximo asset management
- version/ibm maximo asset management/7.6.1.1