8.8
CVE-2022-35281
- EPSS 0.72%
- Veröffentlicht 09.01.2023 08:15:12
- Zuletzt bearbeitet 21.11.2024 07:11:02
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
LoginIBM Maximo Application Suite command injection
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Maximo Application Suite Version8.3
Ibm ≫ Maximo Application Suite Version8.4
Ibm ≫ Maximo Asset Management Version7.6.1.1
Ibm ≫ Maximo Asset Management Version7.6.1.2
Ibm ≫ Maximo Asset Management Version7.6.1.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.72% | 0.72 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| psirt@us.ibm.com | 5.5 | 2.1 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
|
CWE-1236 Improper Neutralization of Formula Elements in a CSV File
The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.