CVE-2014-3024

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
6.0MEDIUM
EPSS
0.2%
top 64.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Maximo Asset ManagementIBM Smartcloud Control Desk
Timeline
PublishedAug 29
Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk allows remote authenticated users to hijack the authentication of arbitrary users.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages2 packages

NVDibm/maximo_asset_management20 versions+19
NVDibm/smartcloud_control_desk7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-8hrp-q7q6-qjjh: Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 72022-05-17
CVEList
CVE-2014-3024: Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 72014-08-29
CVE-2014-3024 (MEDIUM CVSS 6) | Cross-site request forgery (CSRF) v | cvebase.io