CVE-2014-3084 — IBM Maximo Asset Management vulnerability

CWE-2643 documents3 sources

Severity

4.9MEDIUMNVD

EPSS

0.5%

top 32.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Maximo Asset Management IBM Smartcloud Control Desk IBM Tivoli Asset Management FOR IT

Timeline

PublishedAug 29

Latest updateMay 17

Description

IBM Maximo Asset Management 6.1 through 6.5, 7.1 through 7.1.1.13, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2.8, 7.1, and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended write-access restrictions on calendar entries via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:PExploitability: 6.8 | Impact: 4.9

Affected Packages3 packages

▶NVDibm/maximo_asset_management33 versions+32

▶NVDibm/tivoli_asset_management6.2, 7.1, 7.2+2

▶NVDibm/smartcloud_control_desk9 versions+8

🔴Vulnerability Details

GHSA

GHSA-8vwh-89fg-mgm7: IBM Maximo Asset Management 6↗2022-05-17

▶

CVEList

CVE-2014-3084: IBM Maximo Asset Management 6↗2014-08-29

▶