CVE-2013-6741

Name of the Vulnerable Software and Affected Versions IBM Maximo Asset Management versions 7.0.0 through 7.1.1.7 before LAFIX.20140319-0837 IBM Maximo Asset Management versions 7.5.0.0 through 7.5.0.5 before IFIX006 SmartCloud Control Desk versions 7.0.0 through 7.5.0.3 SmartCloud Control Desk versions 7.5.1.0 through 7.5.1.2 Tivoli IT Asset Management for IT versions 7.0.0 through 7.1.1.7 before LAFIX.20140319-0837 Tivoli Service Request Manager versions 7.0.0 through 7.1.1.7 before LAFIX.20140319-0837 Maximo Service Desk versions 7.0.0 through 7.1.1.7 before LAFIX.20140319-0837 Change and Configuration Management Database (CCMDB) versions 7.0.0 through 7.1.1.7 before LAFIX.20140319-0837

Description The issue allows remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error.

Recommendations For IBM Maximo Asset Management versions 7.0.0 through 7.1.1.7 before LAFIX.20140319-0837, apply the LAFIX.20140319-0837 patch. For IBM Maximo Asset Management versions 7.5.0.0 through 7.5.0.5 before IFIX006, apply the IFIX006 patch. For SmartCloud Control Desk versions 7.0.0 through 7.5.0.3, update to version 7.5.0.3 or later. For SmartCloud Control Desk versions 7.5.1.0 through 7.5.1.2, update to version 7.5.1.2 or later. For Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) versions 7.0.0 through 7.1.1.7 before LAFIX.20140319-0837, apply the LAFIX.20140319-0837 patch.