Lucene search

K
nvd[email protected]NVD:CVE-2013-5465
HistoryMay 26, 2014 - 4:55 p.m.

CVE-2013-5465

2014-05-2616:55:02
CWE-264
web.nvd.nist.gov
8

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

6.3

Confidence

Low

EPSS

0.002

Percentile

59.6%

IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type.

Affected configurations

Nvd
Node
ibmmaximo_asset_managementMatch7.5.0.0
OR
ibmmaximo_asset_managementMatch7.5.0.1
OR
ibmmaximo_asset_managementMatch7.5.0.2
OR
ibmmaximo_asset_managementMatch7.5.0.3
OR
ibmmaximo_asset_managementMatch7.5.0.4
Node
ibmchange_and_configuration_management_databaseMatch7.1.1.7
OR
ibmchange_and_configuration_management_databaseMatch7.1.1.11
OR
ibmchange_and_configuration_management_databaseMatch7.1.1.12
OR
ibmmaximo_service_deskMatch7.1.1.7
OR
ibmmaximo_service_deskMatch7.1.1.11
OR
ibmmaximo_service_deskMatch7.1.1.12
OR
ibmtivoli_asset_management_for_itMatch7.0
OR
ibmtivoli_asset_management_for_itMatch7.1
OR
ibmtivoli_it_asset_management_for_itMatch7.1.1.7
OR
ibmtivoli_it_asset_management_for_itMatch7.1.1.11
OR
ibmtivoli_it_asset_management_for_itMatch7.1.1.12
OR
ibmtivoli_service_request_managerMatch7.0
OR
ibmtivoli_service_request_managerMatch7.1.0.0
OR
ibmtivoli_service_request_managerMatch7.1.1
OR
ibmtivoli_service_request_managerMatch7.1.1.7
OR
ibmtivoli_service_request_managerMatch7.1.1.11
OR
ibmtivoli_service_request_managerMatch7.1.1.12
Node
ibmsmartcloud_control_deskMatch7.0
OR
ibmsmartcloud_control_deskMatch7.5
OR
ibmsmartcloud_control_deskMatch7.5.0.0
OR
ibmsmartcloud_control_deskMatch7.5.0.1
OR
ibmsmartcloud_control_deskMatch7.5.0.2
OR
ibmsmartcloud_control_deskMatch7.5.1.0
OR
ibmsmartcloud_control_deskMatch7.5.1.1
Node
ibmmaximo_asset_managementMatch7.1
OR
ibmmaximo_asset_managementMatch7.1.1
OR
ibmmaximo_asset_managementMatch7.1.1.1
OR
ibmmaximo_asset_managementMatch7.1.1.2
OR
ibmmaximo_asset_managementMatch7.1.1.5
OR
ibmmaximo_asset_managementMatch7.1.1.6
OR
ibmmaximo_asset_managementMatch7.1.1.7
OR
ibmmaximo_asset_managementMatch7.1.1.11
OR
ibmmaximo_asset_managementMatch7.1.1.12
VendorProductVersionCPE
ibmmaximo_asset_management7.5.0.0cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*
ibmmaximo_asset_management7.5.0.1cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*
ibmmaximo_asset_management7.5.0.2cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*
ibmmaximo_asset_management7.5.0.3cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*
ibmmaximo_asset_management7.5.0.4cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*
ibmchange_and_configuration_management_database7.1.1.7cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.7:*:*:*:*:*:*:*
ibmchange_and_configuration_management_database7.1.1.11cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.11:*:*:*:*:*:*:*
ibmchange_and_configuration_management_database7.1.1.12cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.12:*:*:*:*:*:*:*
ibmmaximo_service_desk7.1.1.7cpe:2.3:a:ibm:maximo_service_desk:7.1.1.7:*:*:*:*:*:*:*
ibmmaximo_service_desk7.1.1.11cpe:2.3:a:ibm:maximo_service_desk:7.1.1.11:*:*:*:*:*:*:*
Rows per page:
1-10 of 381

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

6.3

Confidence

Low

EPSS

0.002

Percentile

59.6%

Related for NVD:CVE-2013-5465