CVE-2014-3084

Name of the Vulnerable Software and Affected Versions IBM Maximo Asset Management versions 6.1 through 6.5 IBM Maximo Asset Management versions 7.1 through 7.1.1.13 IBM Maximo Asset Management versions 7.5 through 7.5.0.6 IBM Maximo Asset Management versions 7.5.0 through 7.5.0.3 for SmartCloud Control Desk IBM Maximo Asset Management versions 7.5.1 through 7.5.1.2 for SmartCloud Control Desk IBM Maximo Asset Management version 6.2.8 for Tivoli IT Asset Management for IT IBM Maximo Asset Management version 7.1 for Tivoli IT Asset Management for IT IBM Maximo Asset Management version 7.2 for Tivoli IT Asset Management for IT

Description The issue allows remote authenticated users to bypass intended write-access restrictions on calendar entries.

Recommendations For IBM Maximo Asset Management versions 6.1 through 6.5, update to a version outside of this range to resolve the issue. For IBM Maximo Asset Management versions 7.1 through 7.1.1.13, update to a version outside of this range to resolve the issue. For IBM Maximo Asset Management versions 7.5 through 7.5.0.6, update to a version outside of this range to resolve the issue. For IBM Maximo Asset Management versions 7.5.0 through 7.5.0.3 for SmartCloud Control Desk, update to a version outside of this range to resolve the issue. For IBM Maximo Asset Management versions 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, update to a version outside of this range to resolve the issue. For IBM Maximo Asset Management version 6.2.8 for Tivoli IT Asset Management for IT, update to a version outside of this range to resolve the issue. For IBM Maximo Asset Management version 7.1 for Tivoli IT Asset Management for IT, update to a version outside of this range to resolve the issue. For IBM Maximo Asset Management version 7.2 for Tivoli IT Asset Management for IT, update to a version outside of this range to resolve the issue.