Vulnerability-Lookup

CVE-2014-6102 (GCVE-0-2014-6102)

Vulnerability from cvelistv5 – Published: 2015-02-17 01:00 – Updated: 2024-08-06 12:03

Summary

IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation.

Severity ?

No CVSS data available.

CWE

Assigner

ibm

References

URL

Tags

	http://www-01.ibm.com/support/docview.wss?uid=swg…	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T12:03:02.424Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597"
          },
          {
            "name": "ibm-maximo-cve20146102-sec-bypass(96141)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96141"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597"
        },
        {
          "name": "ibm-maximo-cve20146102-sec-bypass(96141)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96141"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-6102",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597"
            },
            {
              "name": "ibm-maximo-cve20146102-sec-bypass(96141)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96141"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-6102",
    "datePublished": "2015-02-17T01:00:00",
    "dateReserved": "2014-09-02T00:00:00",
    "dateUpdated": "2024-08-06T12:03:02.424Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83470AC7-A06B-4443-9E60-B0AA18B69AC7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE721CF9-0F75-410B-A0F4-542041E25925\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F261A268-7CD0-4328-8FBB-6AC40927DDFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"537C2C01-302E-48A2-9D50-C98AB6DBC466\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65C72B48-0C0F-4C90-A34B-528A5C67432C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"59090B6A-09AE-4597-A60A-38C20AEA8F3E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"19A4B2CD-94F5-4449-8D1F-E69C3BA9929C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F077F88-37D3-43FA-8EA6-A7FBD9869AA9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"741A13F4-DED0-43A2-8761-AAEAA0557B96\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8945E452-7D50-4C59-B8CE-8F1C756DB01A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0632D29-B9B9-48E1-9762-A80B660CEBA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"048BAB63-0A88-4E3D-998B-06EC7917DC78\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41ED069C-0C1B-4D0E-A077-E095897003DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B590C42-21A1-4C62-8293-5A0D7AD628E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"01604919-877F-4BDF-A137-C1A54E04BEC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4577B9CD-45CA-4D01-B99D-7C39131C9C35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EBB734EA-42EE-4BE0-934E-9E783BCDA31A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16981EC3-76AE-441B-92C4-8DD6E6A1EA89\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36BB996E-17BC-4E35-97A0-142946F6B2AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA8B991C-2AE4-499D-B173-BF016D7F78F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB19E05B-1E03-4230-BE05-21A989695749\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85457F6C-80FE-4E9F-BAB6-58B0485D8B7B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FCA89D39-C008-49CD-9D1E-7109644970AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D8673B0-D385-467A-A60C-90A436C976D3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E13EC59E-0D34-429E-857A-6553286B95B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B315997-8DD3-4244-B292-68568FB82CED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"82E905E5-EF91-4CD3-B30F-06B9BDFD07A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4796CF9E-0065-4DE2-8C7A-22EB76F65E8E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0C60408-42F0-495B-840B-9A2F5C9CE5E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"764D9D95-26A8-441E-95E1-55C9CDEA59BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"348A5D33-4B81-479F-AE61-4C17642F11EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F780ADF-3151-4B2C-98B9-7FFD0DB47A57\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F61A8511-5C5E-4328-998A-28D3229B9B38\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"982661EA-3176-4854-A64C-9F32751A045C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55A421E5-F65D-459D-87E3-6398D587F8C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"868B2E44-6193-4159-8D87-C77B468B02DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"397FB717-6568-4037-8D7F-D31CF18E0782\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6EECFFA3-6D8F-454F-AD00-2DC51A954B68\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7078628B-134D-48C6-A461-23CCC41A848E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"013D299A-6A9C-44C7-B49C-A4115F4C13E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D5C1BCF-1DC0-45E7-B624-9221F8610346\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"235AE987-A109-4996-B43A-38C1BE23F37B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95FF438A-31FC-44DD-AC14-C9332F0B0A3D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation.\"}, {\"lang\": \"es\", \"value\": \"IBM Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.5.0 anterior a 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk, y Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y ciertos otros productos no manejan correctamente las acciones de cierre de sesi\\u00f3n, lo que permite a atacantes remotos evadir las restricciones de acceso a Cognos BI Direct Integration mediante el aprovechamiento de un estaci\\u00f3n de trabajo desatendida.\"}]",
      "evaluatorComment": "Per an \u003ca href=\"http://www-01.ibm.com/support/docview.wss?uid=swg21695597\"\u003eIBM Security Bulletin\u003c/a\u003e IBM identifies access vector as local",
      "id": "CVE-2014-6102",
      "lastModified": "2024-11-21T02:13:47.013",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-02-17T01:59:00.053",
      "references": "[{\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg21695597\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/96141\", \"source\": \"psirt@us.ibm.com\"}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg21695597\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/96141\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "psirt@us.ibm.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-6102\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2015-02-17T01:59:00.053\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation.\"},{\"lang\":\"es\",\"value\":\"IBM Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.5.0 anterior a 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk, y Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y ciertos otros productos no manejan correctamente las acciones de cierre de sesi\u00f3n, lo que permite a atacantes remotos evadir las restricciones de acceso a Cognos BI Direct Integration mediante el aprovechamiento de un estaci\u00f3n de trabajo desatendida.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83470AC7-A06B-4443-9E60-B0AA18B69AC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE721CF9-0F75-410B-A0F4-542041E25925\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F261A268-7CD0-4328-8FBB-6AC40927DDFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"537C2C01-302E-48A2-9D50-C98AB6DBC466\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65C72B48-0C0F-4C90-A34B-528A5C67432C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59090B6A-09AE-4597-A60A-38C20AEA8F3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19A4B2CD-94F5-4449-8D1F-E69C3BA9929C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F077F88-37D3-43FA-8EA6-A7FBD9869AA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"741A13F4-DED0-43A2-8761-AAEAA0557B96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8945E452-7D50-4C59-B8CE-8F1C756DB01A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0632D29-B9B9-48E1-9762-A80B660CEBA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"048BAB63-0A88-4E3D-998B-06EC7917DC78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41ED069C-0C1B-4D0E-A077-E095897003DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B590C42-21A1-4C62-8293-5A0D7AD628E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01604919-877F-4BDF-A137-C1A54E04BEC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4577B9CD-45CA-4D01-B99D-7C39131C9C35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBB734EA-42EE-4BE0-934E-9E783BCDA31A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16981EC3-76AE-441B-92C4-8DD6E6A1EA89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36BB996E-17BC-4E35-97A0-142946F6B2AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA8B991C-2AE4-499D-B173-BF016D7F78F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB19E05B-1E03-4230-BE05-21A989695749\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85457F6C-80FE-4E9F-BAB6-58B0485D8B7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCA89D39-C008-49CD-9D1E-7109644970AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D8673B0-D385-467A-A60C-90A436C976D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E13EC59E-0D34-429E-857A-6553286B95B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B315997-8DD3-4244-B292-68568FB82CED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82E905E5-EF91-4CD3-B30F-06B9BDFD07A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4796CF9E-0065-4DE2-8C7A-22EB76F65E8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0C60408-42F0-495B-840B-9A2F5C9CE5E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"764D9D95-26A8-441E-95E1-55C9CDEA59BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"348A5D33-4B81-479F-AE61-4C17642F11EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F780ADF-3151-4B2C-98B9-7FFD0DB47A57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F61A8511-5C5E-4328-998A-28D3229B9B38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"982661EA-3176-4854-A64C-9F32751A045C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55A421E5-F65D-459D-87E3-6398D587F8C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"868B2E44-6193-4159-8D87-C77B468B02DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"397FB717-6568-4037-8D7F-D31CF18E0782\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EECFFA3-6D8F-454F-AD00-2DC51A954B68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7078628B-134D-48C6-A461-23CCC41A848E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"013D299A-6A9C-44C7-B49C-A4115F4C13E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D5C1BCF-1DC0-45E7-B624-9221F8610346\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"235AE987-A109-4996-B43A-38C1BE23F37B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95FF438A-31FC-44DD-AC14-C9332F0B0A3D\"}]}]}],\"references\":[{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21695597\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/96141\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21695597\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/96141\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"Per an \u003ca href=\\\"http://www-01.ibm.com/support/docview.wss?uid=swg21695597\\\"\u003eIBM Security Bulletin\u003c/a\u003e IBM identifies access vector as local\"}}"
  }
}

GHSA-7X3J-8XCM-H43M

Vulnerability from github – Published: 2022-05-17 01:15 – Updated: 2022-05-17 01:15

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-6102"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-02-17T01:59:00Z",
    "severity": "LOW"
  },
  "details": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation.",
  "id": "GHSA-7x3j-8xcm-h43m",
  "modified": "2022-05-17T01:15:18Z",
  "published": "2022-05-17T01:15:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6102"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96141"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2014-6102

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-6102

Aliases

CVE-2014-6102

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-6102",
    "description": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation.",
    "id": "GSD-2014-6102"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-6102"
      ],
      "details": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation.",
      "id": "GSD-2014-6102",
      "modified": "2023-12-13T01:22:50.812585Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "ID": "CVE-2014-6102",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597",
            "refsource": "CONFIRM",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597"
          },
          {
            "name": "ibm-maximo-cve20146102-sec-bypass(96141)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96141"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-6102"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597"
            },
            {
              "name": "ibm-maximo-cve20146102-sec-bypass(96141)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96141"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-09-08T01:29Z",
      "publishedDate": "2015-02-17T01:59Z"
    }
  }
}

CNVD-2015-01426

Vulnerability from cnvd - Published: 2015-03-04

Title

IBM Maximo Asset Management访问限制绕过漏洞

Description

IBM Maximo Asset Management是美国IBM公司的一套IT资产管理解决方案。 IBM Maximo Asset Management存在访问限制绕过漏洞，允许攻击者通过利用无人值守的工作站通过预期的Cognos BI直接集成访问限制。

Severity

低

Patch Name

IBM Maximo Asset Management访问限制绕过漏洞的补丁

Patch Description

IBM Maximo Asset Management是美国IBM公司的一套IT资产管理解决方案。IBM Maximo Asset Management存在访问限制绕过漏洞，允许攻击者通过利用无人值守的工作站通过预期的Cognos BI直接集成访问限制。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://www-01.ibm.com/support/docview.wss?uid=swg21695597

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg21695597

Impacted products

Name
IBM Maximo Asset Management 7.1 - 7.1.1.13

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-6102"
    }
  },
  "description": "IBM Maximo Asset Management\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957IT\u8d44\u4ea7\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nIBM Maximo Asset Management\u5b58\u5728\u8bbf\u95ee\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u901a\u8fc7\u5229\u7528\u65e0\u4eba\u503c\u5b88\u7684\u5de5\u4f5c\u7ad9\u901a\u8fc7\u9884\u671f\u7684Cognos BI\u76f4\u63a5\u96c6\u6210\u8bbf\u95ee\u9650\u5236\u3002",
  "discovererName": "IBM",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg21695597",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-01426",
  "openTime": "2015-03-04",
  "patchDescription": "IBM Maximo Asset Management\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957IT\u8d44\u4ea7\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002IBM Maximo Asset Management\u5b58\u5728\u8bbf\u95ee\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u901a\u8fc7\u5229\u7528\u65e0\u4eba\u503c\u5b88\u7684\u5de5\u4f5c\u7ad9\u901a\u8fc7\u9884\u671f\u7684Cognos BI\u76f4\u63a5\u96c6\u6210\u8bbf\u95ee\u9650\u5236\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Maximo Asset Management\u8bbf\u95ee\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "IBM Maximo Asset Management 7.1 - 7.1.1.13"
  },
  "referenceLink": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597",
  "serverity": "\u4f4e",
  "submitTime": "2015-02-28",
  "title": "IBM Maximo Asset Management\u8bbf\u95ee\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e"
}

FKIE_CVE-2014-6102

Vulnerability from fkie_nvd - Published: 2015-02-17 01:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21695597	Patch, Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/96141
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21695597	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/96141

Impacted products

Vendor	Product	Version
ibm	change_and_configuration_management_database	7.1
ibm	change_and_configuration_management_database	7.2
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.1.1
ibm	maximo_asset_management	7.1.1.1
ibm	maximo_asset_management	7.1.1.2
ibm	maximo_asset_management	7.1.1.5
ibm	maximo_asset_management	7.1.1.6
ibm	maximo_asset_management	7.1.1.7
ibm	maximo_asset_management	7.1.1.8
ibm	maximo_asset_management	7.1.1.9
ibm	maximo_asset_management	7.1.1.10
ibm	maximo_asset_management	7.1.1.11
ibm	maximo_asset_management	7.1.1.12
ibm	maximo_asset_management	7.1.1.13
ibm	maximo_asset_management	7.1.2
ibm	maximo_asset_management	7.5.0.0
ibm	maximo_asset_management	7.5.0.1
ibm	maximo_asset_management	7.5.0.2
ibm	maximo_asset_management	7.5.0.3
ibm	maximo_asset_management	7.5.0.4
ibm	maximo_asset_management	7.5.0.5
ibm	maximo_asset_management	7.5.0.6
ibm	maximo_asset_management	7.5.0.10
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_asset_management_essentials	7.5.0.0
ibm	maximo_for_government	7.1
ibm	maximo_for_government	7.5.0.0
ibm	maximo_for_life_sciences	7.1
ibm	maximo_for_life_sciences	7.5.0.0
ibm	maximo_for_nuclear_power	7.1
ibm	maximo_for_nuclear_power	7.5.0.0
ibm	maximo_for_oil_and_gas	7.1
ibm	maximo_for_oil_and_gas	7.5.0.0
ibm	maximo_for_transportation	7.1
ibm	maximo_for_transportation	7.5.0.0
ibm	maximo_for_utilities	7.1
ibm	maximo_for_utilities	7.5.0.0
ibm	smartcloud_control_desk	7.5.0.1
ibm	smartcloud_control_desk	7.5.0.2
ibm	smartcloud_control_desk	7.5.0.3
ibm	smartcloud_control_desk	7.5.0.5
ibm	smartcloud_control_desk	7.5.1.0
ibm	smartcloud_control_desk	7.5.1.1
ibm	tivoli_asset_management_for_it	7.1
ibm	tivoli_asset_management_for_it	7.2
ibm	tivoli_service_request_manager	7.1
ibm	tivoli_service_request_manager	7.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "397FB717-6568-4037-8D7F-D31CF18E0782",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.5.0 anterior a 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk, y Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y ciertos otros productos no manejan correctamente las acciones de cierre de sesi\u00f3n, lo que permite a atacantes remotos evadir las restricciones de acceso a Cognos BI Direct Integration mediante el aprovechamiento de un estaci\u00f3n de trabajo desatendida."
    }
  ],
  "evaluatorComment": "Per an \u003ca href=\"http://www-01.ibm.com/support/docview.wss?uid=swg21695597\"\u003eIBM Security Bulletin\u003c/a\u003e IBM identifies access vector as local",
  "id": "CVE-2014-6102",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-02-17T01:59:00.053",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96141"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96141"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-6102 (GCVE-0-2014-6102)

GHSA-7X3J-8XCM-H43M

GSD-2014-6102

CNVD-2015-01426

FKIE_CVE-2014-6102

Tags

Sightings

Nomenclature