PT-2017-2500 · IBM · IBM Maximo Asset Management

Published: 2017-07-05 · Updated: 2017-07-18 · CVE-2017-1175

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

IBM Maximo Asset Management versions 7.1 through 7.6

Description

IBM Maximo Asset Management is vulnerable to SQL injection. The application does not protect the structure of its SQL queries, so a remote attacker can send specially crafted SQL statements to view, add, modify, or delete information in the back-end database.

Recommendations

For versions 7.1 through 7.6, update to a version that includes fixes for SQL injection vulnerabilities. As a temporary workaround, consider restricting access to the database to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection


Weakness Enumeration

Related Identifiers

BDU:2017-01710
CVE-2017-1175

Affected Products

IBM Maximo Asset Management