Vulnerability Database

309,540

Total vulnerabilities in the database

CVE-2017-1352

IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538.

Published: Sep 12, 2017
Updated: Nov 9, 2025
CVE: CVE-2017-1352
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6
AV:N/AC:M/Au:S/C:P/I:P/A:P

CWEs:

CWE-77

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
ibm / maximo_asset_management	7.5	7.5.x
ibm / maximo_asset_management	7.6	7.6.x

http://www.ibm.com/support/docview.wss?uid=swg22006650
http://www.securityfocus.com/bid/100697
https://exchange.xforce.ibmcloud.com/vulnerabilities/126538

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo