Maximo SQL Injection

Written by Chon Neth, Editor-in-Chief

This is an interesting property that applies to Maximo 7.1

This is when users manipulate data entry fields to execute malicious SQL statements. Maximo dynamically prepares SQL statements so in almost every attribute this is not an issue. There are a few exceptions so there is a property mxe.db.sqlinjection can be enabled to further limit what can be executed. In addition, you may also want to grant the ‘SEARCHWHERE’ sigoption to applications only to the users that have a business need – this option allows users to send SQL through Maximo that is not filtered by the system. [IBM Support]

Did You Know...

As Maximo Experts, we have developed several add-on products for Maximo that mobilize the work force, simplifies assignments, provides ad-hoc reporting capabilities and facilitates the seamless integration of Service Requests into Maximo.

Check out our products by clicking on the following links: EZMaxMobile, EZMaxPlanner and EZMaxRequest.

Find Out More

Leave a Reply