CVE-2022-35281

EPSS 0.17%
Published 09.01.2023 08:15:12
Last modified 21.11.2024 07:11:02
Source psirt@us.ibm.com
Teams watchlist Login
Open Login

IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection.  IBM X-Force ID:  2306335.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Maximo Application Suite Version8.3

Ibm ≫ Maximo Application Suite Version8.4

Ibm ≫ Maximo Asset Management Version7.6.1.1

Ibm ≫ Maximo Asset Management Version7.6.1.2

Ibm ≫ Maximo Asset Management Version7.6.1.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.17%	0.39

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
psirt@us.ibm.com	5.5	2.1	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

CWE-1236 Improper Neutralization of Formula Elements in a CSV File

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

https://exchange.xforce.ibmcloud.com/vulnerabilities/230635

Vendor Advisory

VDB Entry

https://www.ibm.com/support/pages/node/6852669

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-35281

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-35281

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-35281

EUVD