CVE-2014-6102

Name of the Vulnerable Software and Affected Versions IBM Maximo Asset Management versions 7.1 through 7.1.1.13 IBM Maximo Asset Management versions 7.5.0 through 7.5.0.3 IBM Maximo Asset Management versions 7.5.0 before 7.5.0.6 IFIX008 IBM Maximo Asset Management version 7.5.1 through 7.5.1.2 for SmartCloud Control Desk IBM Maximo Asset Management versions 7.1 through 7.1.1.13 for Tivoli IT Asset Management for IT IBM Maximo Asset Management version 7.2 for Tivoli IT Asset Management for IT

Description The issue arises from improper handling of logout actions, allowing remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation.

Recommendations For IBM Maximo Asset Management versions 7.1 through 7.1.1.13, update to a version after 7.1.1.13. For IBM Maximo Asset Management versions 7.5.0 through 7.5.0.3, update to a version after 7.5.0.3. For IBM Maximo Asset Management versions 7.5.0 before 7.5.0.6 IFIX008, apply IFIX008 or update to a version after 7.5.0.6 IFIX008. For IBM Maximo Asset Management version 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, update to a version after 7.5.1.2. For IBM Maximo Asset Management versions 7.1 through 7.1.1.13 for Tivoli IT Asset Management for IT, update to a version after 7.1.1.13. For IBM Maximo Asset Management version 7.2 for Tivoli IT Asset Management for IT, update to a version after 7.2.