CVE-2015-4967
Last modified
CVE-2015-4967 is a vulnerability of currently unknown severity. SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.. EPSS estimates a 0.99% chance of exploitation in the next 30 days.
Description
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Change And Configuration Management Database | 7.1 |
| Ibm | Change And Configuration Management Database | 7.2 |
| Ibm | Maximo Asset Management | 7.1 |
| Ibm | Maximo Asset Management | 7.1.1 |
| Ibm | Maximo Asset Management | 7.1.1.1 |
| Ibm | Maximo Asset Management | 7.1.1.2 |
| Ibm | Maximo Asset Management | 7.1.1.5 |
| Ibm | Maximo Asset Management | 7.1.1.6 |
| Ibm | Maximo Asset Management | 7.1.1.7 |
| Ibm | Maximo Asset Management | 7.1.1.8 |
| Ibm | Maximo Asset Management | 7.1.1.9 |
| Ibm | Maximo Asset Management | 7.1.1.10 |
| Ibm | Maximo Asset Management | 7.1.1.11 |
| Ibm | Maximo Asset Management | 7.1.1.12 |
| Ibm | Maximo Asset Management | 7.1.1.13 |
| Ibm | Maximo Asset Management | 7.5.0.0 |
| Ibm | Maximo Asset Management | 7.5.0.1 |
| Ibm | Maximo Asset Management | 7.5.0.2 |
| Ibm | Maximo Asset Management | 7.5.0.3 |
| Ibm | Maximo Asset Management | 7.5.0.4 |
| Ibm | Maximo Asset Management | 7.5.0.5 |
| Ibm | Maximo Asset Management | 7.5.0.6 |
| Ibm | Maximo Asset Management | 7.5.0.7 |
| Ibm | Maximo Asset Management | 7.5.0.8 |
| Ibm | Maximo Asset Management | 7.6.0.0 |
| Ibm | Maximo Asset Management Essentials | 7.1 |
| Ibm | Maximo Asset Management Essentials | 7.5 |
| Ibm | Maximo For Energy Optimization | 7.1 |
| Ibm | Maximo For Government | 7.1 |
| Ibm | Maximo For Government | 7.5.0.0 |
| Ibm | Maximo For Government | 7.5.0.1 |
| Ibm | Maximo For Government | 7.5.0.2 |
| Ibm | Maximo For Government | 7.5.0.3 |
| Ibm | Maximo For Government | 7.5.0.4 |
| Ibm | Maximo For Government | 7.5.0.5 |
| Ibm | Maximo For Government | 7.5.0.6 |
| Ibm | Maximo For Life Sciences | 7.1 |
| Ibm | Maximo For Life Sciences | 7.5.0.0 |
| Ibm | Maximo For Life Sciences | 7.5.0.1 |
| Ibm | Maximo For Life Sciences | 7.5.0.2 |
| Ibm | Maximo For Life Sciences | 7.5.0.3 |
| Ibm | Maximo For Life Sciences | 7.5.0.4 |
| Ibm | Maximo For Life Sciences | 7.5.0.5 |
| Ibm | Maximo For Life Sciences | 7.5.0.6 |
| Ibm | Maximo For Nuclear Power | 7.1 |
| Ibm | Maximo For Nuclear Power | 7.5.0.0 |
| Ibm | Maximo For Nuclear Power | 7.5.0.1 |
| Ibm | Maximo For Nuclear Power | 7.5.0.2 |
| Ibm | Maximo For Nuclear Power | 7.5.0.3 |
| Ibm | Maximo For Nuclear Power | 7.5.0.4 |
Showing 50 of 81 affected configurations. See NVD for the full list.
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21966181Patch, Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21966181Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-4967?
How severe is CVE-2015-4967?
How do I fix CVE-2015-4967?
Are you affected by CVE-2015-4967?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST