PT-2014-2933 · IBM · Maximo Service Desk+5
Published: 2014-05-26 · Updated: 2017-08-29
CVE-2013-5465
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
IBM Maximo Asset Management versions 7.1.1.7 before LAFIX.20140319-0837
IBM Maximo Asset Management versions 7.1.1.11 before IFIX.20140323-0749
IBM Maximo Asset Management versions 7.1.1.12 before IFIX.20140321-1336
IBM Maximo Asset Management versions 7.5.x before 7.5.0.3 IFIX027
IBM Maximo Asset Management version 7.5.0.4 before IFIX011
SmartCloud Control Desk versions 7.x before 7.5.0.3
SmartCloud Control Desk versions 7.5.1.x before 7.5.1.2
Tivoli IT Asset Management for IT versions 7.x before 7.1.1.7 LAFIX.20140319-0837
Tivoli IT Asset Management for IT versions 7.1.1.11 before IFIX.20140207-1801
Tivoli IT Asset Management for IT versions 7.1.1.12 before IFIX.20140218-1510
Tivoli Service Request Manager versions 7.x before 7.1.1.7 LAFIX.20140319-0837
Tivoli Service Request Manager versions 7.1.1.11 before IFIX.20140207-1801
Tivoli Service Request Manager versions 7.1.1.12 before IFIX.20140218-1510
Maximo Service Desk versions 7.x before 7.1.1.7 LAFIX.20140319-0837
Maximo Service Desk versions 7.1.1.11 before IFIX.20140207-1801
Maximo Service Desk versions 7.1.1.12 before IFIX.20140218-1510
Change and Configuration Management Database (CCMDB) versions 7.x before 7.1.1.7 LAFIX.20140319-0837
Change and Configuration Management Database (CCMDB) versions 7.1.1.11 before IFIX.20140207-1801
Change and Configuration Management Database (CCMDB) versions 7.1.1.12 before IFIX.20140218-1510
Description
The affected software does not properly restrict file types during uploads, allowing remote authenticated users to have an unspecified impact via an invalid type.
Recommendations
For IBM Maximo Asset Management versions 7.1.1.7 before LAFIX.20140319-0837, apply the LAFIX.20140319-0837 patch.
For IBM Maximo Asset Management versions 7.1.1.11 before IFIX.20140323-0749, apply the IFIX.20140323-0749 patch.
For IBM Maximo Asset Management versions 7.1.1.12 before IFIX.20140321-1336, apply the IFIX.20140321-1336 patch.
For IBM Maximo Asset Management versions 7.5.x before 7.5.0.3 IFIX027, apply the IFIX027 patch.
For IBM Maximo Asset Management version 7.5.0.4 before IFIX011, apply the IFIX011 patch.
For SmartCloud Control Desk versions 7.x before 7.5.0.3, update to version 7.5.0.3 or later.
For SmartCloud Control Desk versions 7.5.1.x before 7.5.1.2, update to version 7.5.1.2 or later.
For Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) versions 7.x before 7.1.1.7 LAFIX.20140319-0837, apply the LAFIX.20140319-0837 patch.
For Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) versions 7.1.1.11 before IFIX.20140207-1801, apply the IFIX.20140207-1801 patch.
For Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) versions 7.1.1.12 before IFIX.20140218-1510, apply the IFIX.20140218-1510 patch.
Affected Products
Change/Configuration Management Database
IBM Maximo Asset Management
Maximo Service Desk
SmartCloud Control Desk
Tivoli Asset Management for IT
Tivoli Service Request Manager