← Back

CVE-2016-9976

nvd nist
Published: May 3, 2017Modified: May 13, 2026

JSON object

Loading...
8.4
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.5 / Impact: 5.9
Source: NVD

Description

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252.

Affected (5)

Ibm
2 products
Maximo Asset Management
Maximo Asset Management Essentials
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Maximo Asset Management
Version 7.1
Maximo Asset Management
Version 7.5
Maximo Asset Management
Version 7.6
Ibm
Maximo Asset Management Essentials
Version 7.1
Maximo Asset Management Essentials
Version 7.5

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

Source: psirt@us.ibm.com
PatchVendor Advisory
Source: psirt@us.ibm.com
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link

Timeline

No history available yet.