Vulnerability Details : CVE-2014-6102
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation.
Products affected by CVE-2014-6102
- cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-6102
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 29 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-6102
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
3.9
|
2.9
|
NIST |
CWE ids for CVE-2014-6102
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-6102
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/96141
IBM Maximo Asset Management Cognos BI security bypass CVE-2014-6102 Vulnerability Report
-
http://www-01.ibm.com/support/docview.wss?uid=swg21695597
IBM Security Bulletin: COGNOS DIRECT INTEGRATION ACCESS REMAINS OPEN AFTER CLOSING MAXIMO SESSION (CVE-2014-6102)Patch;Vendor Advisory
Jump to