IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538.
https://exchange.xforce.ibmcloud.com/vulnerabilities/126538
http://www.securityfocus.com/bid/100697
http://www.ibm.com/support/docview.wss?uid=swg22006650
Source: Mitre, NVD
Published: 2017-09-12
Updated: 2026-06-17
Base Score: 6
Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P
Severity: Medium
Base Score: 5.5
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
EPSS: 0.00328