Maximo SQL Injection

This is an interesting property that applies to Maximo 7.1.

SQL injection is when users manipulate data entry fields to execute malicious SQL statements. Maximo dynamically prepares SQL statements, so in almost every attribute this is not an issue. There are a few exceptions, so the property mxe.db.sqlinjection can be enabled to further limit what can be executed. In addition, you may also want to grant the ‘SEARCHWHERE’ sigoption for applications only to the users that have a business need – this option allows users to send SQL through Maximo that is not filtered by the system. [IBM Support]
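To act on the advice above, an administrator can review the property value and see who currently holds SEARCHWHERE. The queries below are an added example, not from the original post or from IBM; the table and column names (MAXPROPVALUE, APPLICATIONAUTH, GROUPUSER, MAXUSER) are assumed from the standard Maximo 7.x schema and should be checked against your own database.

```sql
-- Added audit example (read-only). Table and column names are assumed from
-- the standard Maximo 7.x schema; verify them before relying on the output.

-- 1. Current value(s) of the property named in the post, per server entry.
SELECT propname,
       servername,
       propvalue
FROM   maxpropvalue
WHERE  propname = 'mxe.db.sqlinjection';

-- 2. Every user who holds the SEARCHWHERE sigoption through a security
--    group, listed per application, so each grant can be checked against
--    a business need.
SELECT aa.app,
       aa.groupname,
       gu.userid,
       mu.status
FROM   applicationauth aa
       JOIN groupuser gu ON gu.groupname = aa.groupname
       JOIN maxuser   mu ON mu.userid    = gu.userid
WHERE  aa.optionname = 'SEARCHWHERE'
ORDER  BY aa.app, aa.groupname, gu.userid;

-- 3. Applications ranked by how many distinct users can send unfiltered
--    WHERE clauses, to show where the grant is widest.
SELECT aa.app,
       COUNT(DISTINCT gu.userid) AS users_with_searchwhere
FROM   applicationauth aa
       JOIN groupuser gu ON gu.groupname = aa.groupname
WHERE  aa.optionname = 'SEARCHWHERE'
GROUP  BY aa.app
ORDER  BY users_with_searchwhere DESC;
```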
