PT-2015-3833 · Ibm · Ibm Maximo Asset Management
Published
2015-02-17
·
Updated
2017-09-08
·
CVE-2014-6194
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Maximo Asset Management versions 7.1 through 7.1.1.13
IBM Maximo Asset Management versions 7.5.0 through 7.5.0.3
IBM Maximo Asset Management versions 7.5.0 before 7.5.0.6 IFIX007
IBM Maximo Asset Management versions 7.5.1 through 7.5.1.2 for SmartCloud Control Desk
IBM Maximo Asset Management versions 7.2 for Tivoli IT Asset Management for IT
Description
A directory traversal issue exists in an unspecified web form, allowing remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname.
Recommendations
For IBM Maximo Asset Management versions 7.1 through 7.1.1.13, update to a version outside of this range.
For IBM Maximo Asset Management versions 7.5.0 through 7.5.0.3, update to version 7.5.0.6 IFIX007 or later.
For IBM Maximo Asset Management versions 7.5.0 before 7.5.0.6 IFIX007, update to version 7.5.0.6 IFIX007 or later.
For IBM Maximo Asset Management versions 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, update to a version outside of this range.
For IBM Maximo Asset Management versions 7.2 for Tivoli IT Asset Management for IT, update to a version outside of this range.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Maximo Asset Management