CVE-2020-4521
First published: Tue Sep 01 2020(Updated: )
IBM Maximo Asset Management could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Maximo Asset Management | <=7.6.0 | |
| IBM Maximo Asset Management | <=7.6.1 | |
| IBM Maximo Asset Management | >=7.6.0<7.6.0.10 | |
| IBM Maximo Asset Management | >=7.6.1<7.6.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-4521?
The severity of CVE-2020-4521 is critical, with a severity value of 8.8.
How does CVE-2020-4521 impact IBM Maximo Asset Management?
CVE-2020-4521 could allow a remote authenticated attacker to execute arbitrary code on IBM Maximo Asset Management.
What is the cause of CVE-2020-4521?
CVE-2020-4521 is caused by an unsafe deserialization in Java.
How can an attacker exploit CVE-2020-4521?
An attacker can exploit CVE-2020-4521 by sending a specially-crafted request to execute arbitrary code on the system.
How can I mitigate the vulnerability CVE-2020-4521?
To mitigate CVE-2020-4521, it is recommended to apply the necessary security patches provided by IBM.
- collector/ibm-support
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- vendor/ibm
- canonical/ibm maximo asset management
- version/ibm maximo asset management/7.6.0
- version/ibm maximo asset management/7.6.1