CVE-2017-1352 Information

Description

IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Reference

http://www.ibm.com/support/docview.wss?uid=swg22006650 http://www.securityfocus.com/bid/100697 https://exchange.xforce.ibmcloud.com/vulnerabilities/126538

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

LOW

Base Severity

5.5