IBM Maximo Asset Management CVE-2018-1699 SQL Injection Vulnerability

Bugtraq ID:	105189
Class:	Input Validation Error
CVE:	CVE-2018-1699
Remote:	Yes
Local:	No
Published:	Aug 22 2018 12:00AM
Updated:	Aug 22 2018 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	IBM Tivoli Integration Composer 0 IBM SmartCloud Control Desk 0 IBM Maximo for Utilities 0 IBM Maximo for Transportation 0 IBM Maximo for Oil and Gas 0 IBM Maximo for Nuclear Power 0 IBM Maximo for Life Sciences 0 IBM Maximo for Aviation 0 IBM Maximo Asset Management 7.6 IBM Control Desk 0
Not Vulnerable:

IBM Maximo Asset Management CVE-2018-1699 SQL Injection Vulnerability

IBM Maximo Asset Management is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

IBM Maximo Asset Management CVE-2018-1699 SQL Injection Vulnerability

An attacker can exploit this issue using a web browser.

IBM Maximo Asset Management CVE-2018-1699 SQL Injection Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

IBM Maximo Asset Management CVE-2018-1699 SQL Injection Vulnerability

References:

• IBM Homepage (IBM)
  
• ibm10725805: IBM Maximo Asset Management is vulnerable to SQL injection. (CVE-2 (IBM)