IBM Maximo Asset Management CVE-2014-3024 Cross Site Request Forgery Vulnerability

Bugtraq ID:	69460
Class:	Design Error
CVE:	CVE-2014-3024
Remote:	Yes
Local:	No
Published:	Aug 06 2014 12:00AM
Updated:	Aug 06 2014 12:00AM
Credit:	IBM
Vulnerable:	IBM Tivoli Service Request Manager 7.2 IBM Tivoli Service Request Manager 7.1 IBM Tivoli Asset Management for IT 7.2 IBM Tivoli Asset Management for IT 7.1 IBM SmartCloud Control Desk 7.5 IBM Maximo for Utilities 7.5 IBM Maximo for Utilities 7.1 IBM Maximo for Transportation 7.5 IBM Maximo for Transportation 7.1 IBM Maximo for Oil and Gas 7.5 IBM Maximo for Oil and Gas 7.1 IBM Maximo for Nuclear Power 7.5 IBM Maximo for Nuclear Power 7.1 IBM Maximo for Life Sciences 7.5 IBM Maximo for Life Sciences 7.1 IBM Maximo for Government 7.5 IBM Maximo for Government 7.1 IBM Maximo Asset Management Essentials 7.5 IBM Maximo Asset Management Essentials 7.1 IBM Maximo Asset Management 7.5 IBM Maximo Asset Management 7.1 IBM Change and Configuration Management Database 7.2 IBM Change and Configuration Management Database 7.1
Not Vulnerable:

IBM Maximo Asset Management CVE-2014-3024 Cross Site Request Forgery Vulnerability

IBM Maximo Asset Management is prone to a cross-site request-forgery vulnerability.

Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible.

IBM Maximo Asset Management CVE-2014-3024 Cross Site Request Forgery Vulnerability

To exploit this issue an attacker must entice a user into visiting a malicious site.

IBM Maximo Asset Management CVE-2014-3024 Cross Site Request Forgery Vulnerability

References:

• IBM Homepage (IBM)
  
• Security Bulletin: Cross-site Request Forgery Vulnerability Addressed in Asset a (IBM)