CVE-2022-35281 MEDIUM

CVE-2022-35281: IBM Maximo Application Suite command injection

Vendor Ibm
Product Maximo Asset Management
Weakness CWE-1236
Published January 6, 2023
Last update April 9, 2025

CVSS base score

5.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335.

Key dates

02Disclosure timeline

January 6, 2023 CVE published
April 9, 2025 Record updated