What is the severity of CVE-2014-3024?

CVE-2014-3024 is classified as a medium severity vulnerability due to its potential for CSRF attacks.

How do I fix CVE-2014-3024?

To fix CVE-2014-3024, users should apply the latest patches provided by IBM for affected versions of Maximo Asset Management and SmartCloud Control Desk.

Which versions of IBM Maximo Asset Management are affected by CVE-2014-3024?

CVE-2014-3024 affects IBM Maximo Asset Management versions 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6.

Which versions of IBM SmartCloud Control Desk are impacted by CVE-2014-3024?

CVE-2014-3024 impacts IBM SmartCloud Control Desk versions 7.5.0 through 7.5.1.2.

What type of vulnerability is CVE-2014-3024?

CVE-2014-3024 is a Cross-Site Request Forgery (CSRF) vulnerability that allows authenticated users to hijack the authentication of others.

Vulnerability/
CVE-2014-3024

medium

CWE

352

29/8/2014

6/8/2024

CVE-2014-3024: CSRF

First published: Fri Aug 29 2014(Updated: )

Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk allows remote authenticated users to hijack the authentication of arbitrary users.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Control Desk	=7.5.0.0
IBM Control Desk	=7.5.0.1
IBM Control Desk	=7.5.0.2
IBM Control Desk	=7.5.0.3
IBM Control Desk	=7.5.1.0
IBM Control Desk	=7.5.1.1
IBM Control Desk	=7.5.1.2
IBM Maximo Asset Management	=7.1
IBM Maximo Asset Management	=7.1.1
IBM Maximo Asset Management	=7.1.1.1
IBM Maximo Asset Management	=7.1.1.2
IBM Maximo Asset Management	=7.1.1.5
IBM Maximo Asset Management	=7.1.1.6
IBM Maximo Asset Management	=7.1.1.7
IBM Maximo Asset Management	=7.1.1.8
IBM Maximo Asset Management	=7.1.1.9
IBM Maximo Asset Management	=7.1.1.10
IBM Maximo Asset Management	=7.1.1.11
IBM Maximo Asset Management	=7.1.1.12
IBM Maximo Asset Management	=7.1.2
IBM Maximo Asset Management	=7.5.0.0
IBM Maximo Asset Management	=7.5.0.1
IBM Maximo Asset Management	=7.5.0.2
IBM Maximo Asset Management	=7.5.0.3
IBM Maximo Asset Management	=7.5.0.4
IBM Maximo Asset Management	=7.5.0.5
IBM Maximo Asset Management	=7.5.0.6

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-3024?
CVE-2014-3024 is classified as a medium severity vulnerability due to its potential for CSRF attacks.
How do I fix CVE-2014-3024?
To fix CVE-2014-3024, users should apply the latest patches provided by IBM for affected versions of Maximo Asset Management and SmartCloud Control Desk.
Which versions of IBM Maximo Asset Management are affected by CVE-2014-3024?
CVE-2014-3024 affects IBM Maximo Asset Management versions 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6.
Which versions of IBM SmartCloud Control Desk are impacted by CVE-2014-3024?
CVE-2014-3024 impacts IBM SmartCloud Control Desk versions 7.5.0 through 7.5.1.2.
What type of vulnerability is CVE-2014-3024?
CVE-2014-3024 is a Cross-Site Request Forgery (CSRF) vulnerability that allows authenticated users to hijack the authentication of others.

agent/type
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/references
agent/severity
agent/last-modified-date
agent/weakness
agent/author
agent/event
agent/description
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm control desk
version/ibm control desk/7.5.0.0
version/ibm control desk/7.5.0.1
version/ibm control desk/7.5.0.2
version/ibm control desk/7.5.0.3
version/ibm control desk/7.5.1.0
version/ibm control desk/7.5.1.1
version/ibm control desk/7.5.1.2
canonical/ibm maximo asset management
version/ibm maximo asset management/7.1
version/ibm maximo asset management/7.1.1
version/ibm maximo asset management/7.1.1.1
version/ibm maximo asset management/7.1.1.2
version/ibm maximo asset management/7.1.1.5
version/ibm maximo asset management/7.1.1.6
version/ibm maximo asset management/7.1.1.7
version/ibm maximo asset management/7.1.1.8
version/ibm maximo asset management/7.1.1.9
version/ibm maximo asset management/7.1.1.10
version/ibm maximo asset management/7.1.1.11
version/ibm maximo asset management/7.1.1.12
version/ibm maximo asset management/7.1.2
version/ibm maximo asset management/7.5.0.0
version/ibm maximo asset management/7.5.0.1
version/ibm maximo asset management/7.5.0.2
version/ibm maximo asset management/7.5.0.3
version/ibm maximo asset management/7.5.0.4
version/ibm maximo asset management/7.5.0.5
version/ibm maximo asset management/7.5.0.6