What is the severity of CVE-2014-0849?

CVE-2014-0849 is classified with medium severity due to the potential for privilege escalation by authenticated users.

How do I fix CVE-2014-0849?

To fix CVE-2014-0849, upgrade to IBM Maximo Asset Management versions 7.5.0.3 or later and SmartCloud Control Desk versions 7.5.0.3 or later.

Who is affected by CVE-2014-0849?

CVE-2014-0849 affects users of IBM Maximo Asset Management versions 7.x prior to 7.5.0.3 and SmartCloud Control Desk versions 7.x prior to 7.5.0.3.

What types of accounts are exploited in CVE-2014-0849?

CVE-2014-0849 can be exploited by remote authenticated users who are members of two specific security groups.

Is there a workaround for CVE-2014-0849?

Currently, the recommended solution for CVE-2014-0849 is to update to the appropriate patched versions, as there are no reliable workarounds.

Vulnerability/
CVE-2014-0849

medium

CWE

264

26/5/2014

12/4/2025

CVE-2014-0849

First published: Mon May 26 2014(Updated: )

IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging membership in two security groups.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Maximo Asset Management	=7.1
IBM Maximo Asset Management	=7.1.1
IBM Maximo Asset Management	=7.1.1.1
IBM Maximo Asset Management	=7.1.1.2
IBM Maximo Asset Management	=7.1.1.5
IBM Maximo Asset Management	=7.1.1.6
IBM Maximo Asset Management	=7.1.1.7
IBM Maximo Asset Management	=7.1.1.8
IBM Maximo Asset Management	=7.1.1.9
IBM Maximo Asset Management	=7.1.1.10
IBM Maximo Asset Management	=7.1.1.11
IBM Maximo Asset Management	=7.1.1.12
IBM Maximo Asset Management	=7.1.2
IBM Control Desk	=7.0
IBM Control Desk	=7.5
IBM Control Desk	=7.5.0.0
IBM Control Desk	=7.5.0.1
IBM Control Desk	=7.5.0.2
IBM Control Desk	=7.5.0.3
IBM Control Desk	=7.5.1.0
IBM Control Desk	=7.5.1.1
IBM Maximo Asset Management	=7.5.0.0
IBM Maximo Asset Management	=7.5.0.1
IBM Maximo Asset Management	=7.5.0.2
IBM Maximo Asset Management	=7.5.0.3
	=7.1
	=7.1.1
	=7.1.1.1
	=7.1.1.2
	=7.1.1.5
	=7.1.1.6
	=7.1.1.7
	=7.1.1.8
	=7.1.1.9
	=7.1.1.10
	=7.1.1.11
	=7.1.1.12
	=7.1.2
	=7.0
	=7.5
	=7.5.0.0
	=7.5.0.1
	=7.5.0.2
	=7.5.0.3
	=7.5.1.0
	=7.5.1.1
	=7.5.0.0
	=7.5.0.1
	=7.5.0.2
	=7.5.0.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-0849?
CVE-2014-0849 is classified with medium severity due to the potential for privilege escalation by authenticated users.
How do I fix CVE-2014-0849?
To fix CVE-2014-0849, upgrade to IBM Maximo Asset Management versions 7.5.0.3 or later and SmartCloud Control Desk versions 7.5.0.3 or later.
Who is affected by CVE-2014-0849?
CVE-2014-0849 affects users of IBM Maximo Asset Management versions 7.x prior to 7.5.0.3 and SmartCloud Control Desk versions 7.x prior to 7.5.0.3.
What types of accounts are exploited in CVE-2014-0849?
CVE-2014-0849 can be exploited by remote authenticated users who are members of two specific security groups.
Is there a workaround for CVE-2014-0849?
Currently, the recommended solution for CVE-2014-0849 is to update to the appropriate patched versions, as there are no reliable workarounds.

agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/references
agent/severity
agent/author
agent/description
agent/first-publish-date
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
agent/event
vendor/ibm
canonical/ibm maximo asset management
version/ibm maximo asset management/7.1
version/ibm maximo asset management/7.1.1
version/ibm maximo asset management/7.1.1.1
version/ibm maximo asset management/7.1.1.2
version/ibm maximo asset management/7.1.1.5
version/ibm maximo asset management/7.1.1.6
version/ibm maximo asset management/7.1.1.7
version/ibm maximo asset management/7.1.1.8
version/ibm maximo asset management/7.1.1.9
version/ibm maximo asset management/7.1.1.10
version/ibm maximo asset management/7.1.1.11
version/ibm maximo asset management/7.1.1.12
version/ibm maximo asset management/7.1.2
canonical/ibm control desk
version/ibm control desk/7.0
version/ibm control desk/7.5
version/ibm control desk/7.5.0.0
version/ibm control desk/7.5.0.1
version/ibm control desk/7.5.0.2
version/ibm control desk/7.5.0.3
version/ibm control desk/7.5.1.0
version/ibm control desk/7.5.1.1
version/ibm maximo asset management/7.5.0.0
version/ibm maximo asset management/7.5.0.1
version/ibm maximo asset management/7.5.0.2
version/ibm maximo asset management/7.5.0.3