CVE-2014-3024

EUVD-2014-3045
Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk allows remote authenticated users to hijack the authentication of arbitrary users.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
Affected Products (NVD)
VendorProductVersion
ibmsmartcloud_control_desk
7.5.0.0
ibmsmartcloud_control_desk
7.5.0.1
ibmsmartcloud_control_desk
7.5.0.2
ibmsmartcloud_control_desk
7.5.0.3
ibmsmartcloud_control_desk
7.5.1.0
ibmsmartcloud_control_desk
7.5.1.1
ibmsmartcloud_control_desk
7.5.1.2
ibmmaximo_asset_management
7.1
ibmmaximo_asset_management
7.1.1
ibmmaximo_asset_management
7.1.1.1
ibmmaximo_asset_management
7.1.1.2
ibmmaximo_asset_management
7.1.1.5
ibmmaximo_asset_management
7.1.1.6
ibmmaximo_asset_management
7.1.1.7
ibmmaximo_asset_management
7.1.1.8
ibmmaximo_asset_management
7.1.1.9
ibmmaximo_asset_management
7.1.1.10
ibmmaximo_asset_management
7.1.1.11
ibmmaximo_asset_management
7.1.1.12
ibmmaximo_asset_management
7.1.2
ibmmaximo_asset_management
7.5.0.0
ibmmaximo_asset_management
7.5.0.1
ibmmaximo_asset_management
7.5.0.2
ibmmaximo_asset_management
7.5.0.3
ibmmaximo_asset_management
7.5.0.4
ibmmaximo_asset_management
7.5.0.5
ibmmaximo_asset_management
7.5.0.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/60408
http://www-01.ibm.com/support/docview.wss?uid=swg1IV56643
http://www-01.ibm.com/support/docview.wss?uid=swg21679918
http://www.securitytracker.com/id/1030781
https://exchange.xforce.ibmcloud.com/vulnerabilities/93063
http://secunia.com/advisories/60408
http://www-01.ibm.com/support/docview.wss?uid=swg1IV56643
http://www-01.ibm.com/support/docview.wss?uid=swg21679918
http://www.securitytracker.com/id/1030781
https://exchange.xforce.ibmcloud.com/vulnerabilities/93063