IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335.
The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Maximo_application_suite | Ibm | 8.3 (including) | 8.3 (including) |
Maximo_application_suite | Ibm | 8.4 (including) | 8.4 (including) |
Maximo_asset_management | Ibm | 7.6.1.1 (including) | 7.6.1.1 (including) |
Maximo_asset_management | Ibm | 7.6.1.2 (including) | 7.6.1.2 (including) |
Maximo_asset_management | Ibm | 7.6.1.3 (including) | 7.6.1.3 (including) |