CVE-2020-4526: CSRF
First published: Tue Sep 01 2020(Updated: )
IBM Maximo Asset Management is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Maximo Asset Management | <=7.6.0 | |
| IBM Maximo Asset Management | <=7.6.1 | |
| IBM Maximo Asset Management | >=7.6.0<7.6.0.10 | |
| IBM Maximo Asset Management | >=7.6.1<7.6.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity score of CVE-2020-4526?
The severity score of CVE-2020-4526 is 4.3 (medium).
What is IBM Maximo Asset Management?
IBM Maximo Asset Management is an asset management software developed by IBM.
What is cross-site request forgery?
Cross-site request forgery (CSRF) is an attack that tricks the victim into submitting a malicious request, which could lead to unauthorized actions on their behalf.
How does CVE-2020-4526 affect IBM Maximo Asset Management?
CVE-2020-4526 affects IBM Maximo Asset Management versions 7.6.0 and 7.6.1, allowing an attacker to execute malicious and unauthorized actions transmitted from a trusted user.
How can I mitigate the vulnerability?
To mitigate CVE-2020-4526, it is recommended to apply the necessary patches provided by IBM.
- collector/ibm-support
- collector/nvd-index
- vendor/ibm
- canonical/ibm maximo asset management
- version/ibm maximo asset management/7.6.0
- version/ibm maximo asset management/7.6.1