Description
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 182396.
CVSS breakdown
CVSS 3.0
Attack Complexity
Low
Availability
High
Attack Vector
Network
Integrity
High
Scope
Unchanged
Confidentiality
High
User Interaction
None
Privileges Required
Low
E
Unchanged
RC
Changed
RL
O
Affected products
- ibm / maximo_asset_management7.6.0 – 7.6.0
- ibm / maximo_asset_management7.6.1 – 7.6.1