CNVD-2024-14667 — Vulnetix

CNVD-2024-14667 PUBLISHED CVSS 8.199999809265137 HIGH

IBM Maximo Asset Management是美国国际商业机器（IBM）公司的一套综合性资产生命周期和维护管理解决方案。该方案能够在一个平台上管理所有类型的资产，如设施、交通运输等，并对这些资产实现单点控制。 IBM Maximo Asset Management存在XML外部实体注入漏洞，攻击者可利用该漏洞公开敏感信息或消耗内存资源。

Risk Scores

CVSS 3.1

8.199999809265137

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Affected Products

Vendor	Product	Versions
IBM	Maximo Asset Management	7.6.1.3
ibm	maximo_application_suite	7.6.1.3

Exploit Intelligence

https://www.ibm.com/support/pages/node/7141270 (circl)
https://exchange.xforce.ibmcloud.com/vulnerabilities/284566 (circl)
CIRCL seen: CVE-2024-27266 (circl-sighting)
CIRCL seen: CVE-2024-27266 (circl-sighting)

Timeline

Mar 13, 2024 CVE Published
Mar 14, 2024 PoC Published
Mar 14, 2024 PoC Published

References

https://www.ibm.com/support/pages/node/7141270 vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/284566 vdb

Open in Interactive Console →