Lucene search

IbmCVE-2014-6102

HistoryFeb 17, 2015 - 1:59 a.m.

CVE-2014-6102

2015-02-1701:59:00

CWE-264

ibm

web.nvd.nist.gov

ibm

maximo asset management

cve-2014-6102

security vulnerability

remote attack

access restrictions

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

30.7%

JSON

IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation.

Affected configurations

Nvd

Node

ibmchange_and_configuration_management_databaseMatch7.1

ibmchange_and_configuration_management_databaseMatch7.2

ibmmaximo_asset_managementMatch7.1

ibmmaximo_asset_managementMatch7.1.1

ibmmaximo_asset_managementMatch7.1.1.1

ibmmaximo_asset_managementMatch7.1.1.2

ibmmaximo_asset_managementMatch7.1.1.5

ibmmaximo_asset_managementMatch7.1.1.6

ibmmaximo_asset_managementMatch7.1.1.7

ibmmaximo_asset_managementMatch7.1.1.8

ibmmaximo_asset_managementMatch7.1.1.9

ibmmaximo_asset_managementMatch7.1.1.10

ibmmaximo_asset_managementMatch7.1.1.11

ibmmaximo_asset_managementMatch7.1.1.12

ibmmaximo_asset_managementMatch7.1.1.13

ibmmaximo_asset_managementMatch7.1.2

ibmmaximo_asset_managementMatch7.5.0.0

ibmmaximo_asset_managementMatch7.5.0.1

ibmmaximo_asset_managementMatch7.5.0.2

ibmmaximo_asset_managementMatch7.5.0.3

ibmmaximo_asset_managementMatch7.5.0.4

ibmmaximo_asset_managementMatch7.5.0.5

ibmmaximo_asset_managementMatch7.5.0.6

ibmmaximo_asset_managementMatch7.5.0.10

ibmmaximo_asset_management_essentialsMatch7.1

ibmmaximo_asset_management_essentialsMatch7.5.0.0

ibmmaximo_for_governmentMatch7.1

ibmmaximo_for_governmentMatch7.5.0.0

ibmmaximo_for_life_sciencesMatch7.1

ibmmaximo_for_life_sciencesMatch7.5.0.0

ibmmaximo_for_nuclear_powerMatch7.1

ibmmaximo_for_nuclear_powerMatch7.5.0.0

ibmmaximo_for_oil_and_gasMatch7.1

ibmmaximo_for_oil_and_gasMatch7.5.0.0

ibmmaximo_for_transportationMatch7.1

ibmmaximo_for_transportationMatch7.5.0.0

ibmmaximo_for_utilitiesMatch7.1

ibmmaximo_for_utilitiesMatch7.5.0.0

ibmsmartcloud_control_deskMatch7.5.0.1

ibmsmartcloud_control_deskMatch7.5.0.2

ibmsmartcloud_control_deskMatch7.5.0.3

ibmsmartcloud_control_deskMatch7.5.0.5

ibmsmartcloud_control_deskMatch7.5.1.0

ibmsmartcloud_control_deskMatch7.5.1.1

ibmtivoli_asset_management_for_itMatch7.1

ibmtivoli_asset_management_for_itMatch7.2

ibmtivoli_service_request_managerMatch7.1

ibmtivoli_service_request_managerMatch7.2

VendorProductVersionCPE
ibmchange_and_configuration_management_database7.1cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*
ibmchange_and_configuration_management_database7.2cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*
ibmmaximo_asset_management7.1cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*
ibmmaximo_asset_management7.1.1cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*
ibmmaximo_asset_management7.1.1.1cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*
ibmmaximo_asset_management7.1.1.2cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*
ibmmaximo_asset_management7.1.1.5cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*
ibmmaximo_asset_management7.1.1.6cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*
ibmmaximo_asset_management7.1.1.7cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*
ibmmaximo_asset_management7.1.1.8cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	change_and_configuration_management_database	7.1	cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:::::::*
ibm	change_and_configuration_management_database	7.2	cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:::::::*
ibm	maximo_asset_management	7.1	cpe:2.3:a:ibm:maximo_asset_management:7.1:::::::*
ibm	maximo_asset_management	7.1.1	cpe:2.3:a:ibm:maximo_asset_management:7.1.1:::::::*
ibm	maximo_asset_management	7.1.1.1	cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:::::::*
ibm	maximo_asset_management	7.1.1.2	cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:::::::*
ibm	maximo_asset_management	7.1.1.5	cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:::::::*
ibm	maximo_asset_management	7.1.1.6	cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:::::::*
ibm	maximo_asset_management	7.1.1.7	cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:::::::*
ibm	maximo_asset_management	7.1.1.8	cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:::::::*

Rows per page:

1-10 of 481

References

www-01.ibm.com/support/docview.wss?uid=swg21695597

exchange.xforce.ibmcloud.com/vulnerabilities/96141

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

30.7%

JSON

Related for CVE-2014-6102