CVE-2014-6194

Name of the Vulnerable Software and Affected Versions IBM Maximo Asset Management versions 7.1 through 7.1.1.13 IBM Maximo Asset Management versions 7.5.0 through 7.5.0.3 IBM Maximo Asset Management versions 7.5.0 before 7.5.0.6 IFIX007 IBM Maximo Asset Management versions 7.5.1 through 7.5.1.2 for SmartCloud Control Desk IBM Maximo Asset Management versions 7.2 for Tivoli IT Asset Management for IT

Description A directory traversal issue exists in an unspecified web form, allowing remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname.

Recommendations For IBM Maximo Asset Management versions 7.1 through 7.1.1.13, update to a version outside of this range. For IBM Maximo Asset Management versions 7.5.0 through 7.5.0.3, update to version 7.5.0.6 IFIX007 or later. For IBM Maximo Asset Management versions 7.5.0 before 7.5.0.6 IFIX007, update to version 7.5.0.6 IFIX007 or later. For IBM Maximo Asset Management versions 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, update to a version outside of this range. For IBM Maximo Asset Management versions 7.2 for Tivoli IT Asset Management for IT, update to a version outside of this range.