PT-2016-1604 · IBM · IBM Maximo Asset Management

Published: 2016-03-12 · Updated: 2016-03-22 · CVE-2015-7448

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

IBM Maximo Asset Management versions 7.1 through 7.1.1.13
IBM Maximo Asset Management versions 7.5.0 before 7.5.0.9 IFIX003
IBM Maximo Asset Management versions 7.6.0 before 7.6.0.3 IFIX001
IBM Maximo Asset Management version 7.5.1
IBM Maximo Asset Management version 7.2

Description

The issue is related to a lack of protection for the SQL query structure, which a remote authenticated user can exploit to execute arbitrary SQL commands.

Recommendations

For IBM Maximo Asset Management versions 7.1 through 7.1.1.13, update to a version after 7.1.1.13.
For IBM Maximo Asset Management versions 7.5.0 before 7.5.0.9 IFIX003, apply IFIX003 or update to a version after 7.5.0.9 IFIX003.
For IBM Maximo Asset Management versions 7.6.0 before 7.6.0.3 IFIX001, apply IFIX001 or update to a version after 7.6.0.3 IFIX001.
For IBM Maximo Asset Management version 7.5.1, update to a version after 7.5.1.
For IBM Maximo Asset Management version 7.2, update to a version after 7.2.

Fix

SQL injection


Weakness Enumeration

Related Identifiers

BDU:2016-00905
CVE-2015-7448

Affected Products

IBM Maximo Asset Management