Cross-Site Request Forgery Vulnerability in IBM Maximo Asset Management Products
CVE-2014-3024

Currently unrated

Key Information:

Vendor: IBM
Status: Smartcloud Control Desk
Vendor: CVE Published:; 29 August 2014

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in IBM Maximo Asset Management versions 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6. This vulnerability allows remote authenticated users to execute unauthorized actions by hijacking the authentication session of arbitrary users. It poses serious security risks, including the potential for unauthorized access and manipulation of user data within the application.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/93063

vdb-entryx_refsource_XF

http://www.securitytracker.com/id/1030781

vdb-entryx_refsource_SECTRACK

http://www-01.ibm.com/support/docview.wss?uid=swg21679918

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 29, 2014
Vulnerability Reserved
Apr 29, 2014