CVE-2015-4967

Name of the Vulnerable Software and Affected Versions IBM Maximo Asset Management versions 7.1 through 7.1.1.13 IBM Maximo Asset Management versions 7.5.0 before 7.5.0.8 IFIX004 IBM Maximo Asset Management versions 7.6.0 before 7.6.0.1 IFIX002 IBM Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 for SmartCloud Control Desk IBM Maximo Asset Management 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk IBM Maximo Asset Management versions 7.1 through 7.1.1.13 for Tivoli IT Asset Management for IT IBM Maximo Asset Management version 7.2 for Tivoli IT Asset Management for IT

Description The issue allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. This can lead to unauthorized access and manipulation of data.

Recommendations For IBM Maximo Asset Management versions 7.1 through 7.1.1.13, update to a version after 7.1.1.13. For IBM Maximo Asset Management versions 7.5.0 before 7.5.0.8 IFIX004, apply IFIX004 or update to a version after 7.5.0.8 IFIX004. For IBM Maximo Asset Management versions 7.6.0 before 7.6.0.1 IFIX002, apply IFIX002 or update to a version after 7.6.0.1 IFIX002. For IBM Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 for SmartCloud Control Desk, apply IFIX004 or update to a version after 7.5.0.8 IFIX004. For IBM Maximo Asset Management 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk, apply IFIX002 or update to a version after 7.6.0.1 IFIX002. For IBM Maximo Asset Management versions 7.1 through 7.1.1.13 for Tivoli IT Asset Management for IT, update to a version after 7.1.1.13. For IBM Maximo Asset Management version 7.2 for Tivoli IT Asset Management for IT, update to a version after 7.2.