CVE-2013-2998: Infoleak
First published: Mon May 26 2014(Updated: )
frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive information via an invalid action_code.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Control Desk | =7.0 | |
| IBM Control Desk | =7.5 | |
| IBM Control Desk | =7.5.0.0 | |
| IBM Control Desk | =7.5.0.1 | |
| IBM Control Desk | =7.5.0.2 | |
| IBM Control Desk | =7.5.1.0 | |
| IBM Control Desk | =7.5.1.1 | |
| IBM Maximo Asset Management | =7.1 | |
| IBM Maximo Asset Management | =7.1.1 | |
| IBM Maximo Asset Management | =7.1.1.1 | |
| IBM Maximo Asset Management | =7.1.1.2 | |
| IBM Maximo Asset Management | =7.1.1.5 | |
| IBM Maximo Asset Management | =7.1.1.6 | |
| IBM Maximo Asset Management | =7.1.1.7 | |
| IBM Maximo Asset Management | =7.1.1.8 | |
| IBM Maximo Asset Management | =7.1.1.9 | |
| IBM Maximo Asset Management | =7.1.1.10 | |
| IBM Maximo Asset Management | =7.1.1.11 | |
| IBM Maximo Asset Management | =7.1.1.12 | |
| IBM Maximo Asset Management | =7.1.2 | |
| IBM Maximo Asset Management | =7.5.0.0 | |
| IBM Maximo Asset Management | =7.5.0.1 | |
| IBM Maximo Asset Management | =7.5.0.2 | |
| IBM Maximo Asset Management | =7.5.0.3 | |
| IBM Maximo Asset Management | =7.5.0.4 | |
| IBM Maximo Asset Management | =7.5.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-2998?
CVE-2013-2998 has a medium severity rating due to the potential disclosure of sensitive information.
How do I mitigate CVE-2013-2998?
To mitigate CVE-2013-2998, it is recommended to upgrade to the latest version of IBM Maximo Asset Management or SmartCloud Control Desk that addresses this vulnerability.
What versions are affected by CVE-2013-2998?
CVE-2013-2998 affects IBM Maximo Asset Management versions prior to 7.5.0.6 and SmartCloud Control Desk versions prior to 7.5.0.3.
Can CVE-2013-2998 be exploited remotely?
Yes, CVE-2013-2998 can be exploited by remote authenticated users to access sensitive information.
What causes the vulnerability CVE-2013-2998?
CVE-2013-2998 is caused by improper validation of the action_code parameter in the frontcontroller.jsp file.
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm control desk
- version/ibm control desk/7.0
- version/ibm control desk/7.5
- version/ibm control desk/7.5.0.0
- version/ibm control desk/7.5.0.1
- version/ibm control desk/7.5.0.2
- version/ibm control desk/7.5.1.0
- version/ibm control desk/7.5.1.1
- canonical/ibm maximo asset management
- version/ibm maximo asset management/7.1
- version/ibm maximo asset management/7.1.1
- version/ibm maximo asset management/7.1.1.1
- version/ibm maximo asset management/7.1.1.2
- version/ibm maximo asset management/7.1.1.5
- version/ibm maximo asset management/7.1.1.6
- version/ibm maximo asset management/7.1.1.7
- version/ibm maximo asset management/7.1.1.8
- version/ibm maximo asset management/7.1.1.9
- version/ibm maximo asset management/7.1.1.10
- version/ibm maximo asset management/7.1.1.11
- version/ibm maximo asset management/7.1.1.12
- version/ibm maximo asset management/7.1.2
- version/ibm maximo asset management/7.5.0.0
- version/ibm maximo asset management/7.5.0.1
- version/ibm maximo asset management/7.5.0.2
- version/ibm maximo asset management/7.5.0.3
- version/ibm maximo asset management/7.5.0.4
- version/ibm maximo asset management/7.5.0.5