CVE-2013-5460
First published: Mon May 26 2014(Updated: )
IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and read communication logs associated with unrelated records, via unspecified vectors.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Maximo Asset Management | =7.1 | |
| IBM Maximo Asset Management | =7.1.1 | |
| IBM Maximo Asset Management | =7.1.1.1 | |
| IBM Maximo Asset Management | =7.1.1.2 | |
| IBM Maximo Asset Management | =7.1.1.5 | |
| IBM Maximo Asset Management | =7.1.1.6 | |
| IBM Maximo Asset Management | =7.1.1.7 | |
| IBM Maximo Asset Management | =7.1.1.8 | |
| IBM Maximo Asset Management | =7.1.1.9 | |
| IBM Maximo Asset Management | =7.1.1.10 | |
| IBM Maximo Asset Management | =7.1.1.11 | |
| IBM Maximo Asset Management | =7.1.1.12 | |
| IBM Maximo Asset Management | =7.1.2 | |
| IBM Maximo Asset Management | =7.5.0.0 | |
| IBM Maximo Asset Management | =7.5.0.1 | |
| IBM Maximo Asset Management | =7.5.0.2 | |
| IBM Maximo Asset Management | =7.5.0.3 | |
| IBM Maximo Asset Management | =7.5.0.4 | |
| IBM Maximo Asset Management | =7.5.0.5 | |
| IBM Control Desk | =7.0 | |
| IBM Control Desk | =7.5 | |
| IBM Control Desk | =7.5.0.0 | |
| IBM Control Desk | =7.5.0.1 | |
| IBM Control Desk | =7.5.0.2 | |
| IBM Control Desk | =7.5.1.0 | |
| IBM Control Desk | =7.5.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-5460?
CVE-2013-5460 has a medium severity because it allows remote authenticated users to bypass access restrictions.
How do I fix CVE-2013-5460?
To fix CVE-2013-5460, upgrade IBM Maximo Asset Management to version 7.5.0.6 or higher, or IBM SmartCloud Control Desk to version 7.5.0.3 or higher.
Who is affected by CVE-2013-5460?
CVE-2013-5460 affects users of IBM Maximo Asset Management versions prior to 7.5.0.6 and IBM SmartCloud Control Desk versions prior to 7.5.0.3.
What type of vulnerability is CVE-2013-5460?
CVE-2013-5460 is an access control vulnerability that allows unauthorized access to communication logs.
Can CVE-2013-5460 be exploited remotely?
Yes, CVE-2013-5460 can be exploited by remote authenticated users.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/last-modified-date
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm maximo asset management
- version/ibm maximo asset management/7.1
- version/ibm maximo asset management/7.1.1
- version/ibm maximo asset management/7.1.1.1
- version/ibm maximo asset management/7.1.1.2
- version/ibm maximo asset management/7.1.1.5
- version/ibm maximo asset management/7.1.1.6
- version/ibm maximo asset management/7.1.1.7
- version/ibm maximo asset management/7.1.1.8
- version/ibm maximo asset management/7.1.1.9
- version/ibm maximo asset management/7.1.1.10
- version/ibm maximo asset management/7.1.1.11
- version/ibm maximo asset management/7.1.1.12
- version/ibm maximo asset management/7.1.2
- version/ibm maximo asset management/7.5.0.0
- version/ibm maximo asset management/7.5.0.1
- version/ibm maximo asset management/7.5.0.2
- version/ibm maximo asset management/7.5.0.3
- version/ibm maximo asset management/7.5.0.4
- version/ibm maximo asset management/7.5.0.5
- canonical/ibm control desk
- version/ibm control desk/7.0
- version/ibm control desk/7.5
- version/ibm control desk/7.5.0.0
- version/ibm control desk/7.5.0.1
- version/ibm control desk/7.5.0.2
- version/ibm control desk/7.5.1.0
- version/ibm control desk/7.5.1.1