CVE-2014-6194: Path Traversal
First published: Tue Feb 17 2015(Updated: )
Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Tivoli Change and Configuration Management Database | =7.1 | |
| IBM Tivoli Change and Configuration Management Database | =7.2 | |
| IBM Maximo Asset Management | =7.1 | |
| IBM Maximo Asset Management | =7.1.1 | |
| IBM Maximo Asset Management | =7.1.1.1 | |
| IBM Maximo Asset Management | =7.1.1.2 | |
| IBM Maximo Asset Management | =7.1.1.5 | |
| IBM Maximo Asset Management | =7.1.1.6 | |
| IBM Maximo Asset Management | =7.1.1.7 | |
| IBM Maximo Asset Management | =7.1.1.8 | |
| IBM Maximo Asset Management | =7.1.1.9 | |
| IBM Maximo Asset Management | =7.1.1.10 | |
| IBM Maximo Asset Management | =7.1.1.11 | |
| IBM Maximo Asset Management | =7.1.1.12 | |
| IBM Maximo Asset Management | =7.1.1.13 | |
| IBM Maximo Asset Management | =7.1.2 | |
| IBM Maximo Asset Management | =7.5.0.0 | |
| IBM Maximo Asset Management | =7.5.0.1 | |
| IBM Maximo Asset Management | =7.5.0.2 | |
| IBM Maximo Asset Management | =7.5.0.3 | |
| IBM Maximo Asset Management | =7.5.0.4 | |
| IBM Maximo Asset Management | =7.5.0.5 | |
| IBM Maximo Asset Management | =7.5.0.6 | |
| IBM Maximo Asset Management | =7.5.0.10 | |
| IBM Maximo Asset Management Essentials | =7.1 | |
| IBM Maximo Asset Management Essentials | =7.5.0.0 | |
| IBM Maximo For Government | =7.1 | |
| IBM Maximo For Government | =7.5.0.0 | |
| IBM Maximo for Life Sciences | =7.1 | |
| IBM Maximo for Life Sciences | =7.5.0.0 | |
| IBM Maximo for Nuclear Power | =7.1 | |
| IBM Maximo for Nuclear Power | =7.5.0.0 | |
| IBM Maximo for Oil and Gas | =7.1 | |
| IBM Maximo for Oil and Gas | =7.5.0.0 | |
| IBM Maximo for Transportation | =7.1 | |
| IBM Maximo for Transportation | =7.5.0.0 | |
| IBM Maximo for Utilities | =7.1 | |
| IBM Maximo for Utilities | =7.5.0.0 | |
| IBM Control Desk | =7.5.0.1 | |
| IBM Control Desk | =7.5.0.2 | |
| IBM Control Desk | =7.5.0.3 | |
| IBM Control Desk | =7.5.0.5 | |
| IBM Control Desk | =7.5.1.0 | |
| IBM Control Desk | =7.5.1.1 | |
| IBM Tivoli IT Asset Management for IT | =7.1 | |
| IBM Tivoli IT Asset Management for IT | =7.2 | |
| IBM Tivoli Service Request Manager | =7.1 | |
| IBM Tivoli Service Request Manager | =7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-6194?
CVE-2014-6194 has been rated as a medium severity vulnerability, posing potential risks to sensitive data.
How do I fix CVE-2014-6194?
To fix CVE-2014-6194, ensure that your IBM Maximo Asset Management software is updated to versions 7.1.1.14 or 7.5.0.6 or later.
What type of vulnerability is CVE-2014-6194?
CVE-2014-6194 is classified as a directory traversal vulnerability.
Which software versions are affected by CVE-2014-6194?
CVE-2014-6194 affects IBM Maximo Asset Management versions 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6.
What can happen if CVE-2014-6194 is exploited?
If exploited, CVE-2014-6194 may allow unauthorized users to access sensitive files on the server.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/remedy
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm tivoli change and configuration management database
- version/ibm tivoli change and configuration management database/7.1
- version/ibm tivoli change and configuration management database/7.2
- canonical/ibm maximo asset management
- version/ibm maximo asset management/7.1
- version/ibm maximo asset management/7.1.1
- version/ibm maximo asset management/7.1.1.1
- version/ibm maximo asset management/7.1.1.2
- version/ibm maximo asset management/7.1.1.5
- version/ibm maximo asset management/7.1.1.6
- version/ibm maximo asset management/7.1.1.7
- version/ibm maximo asset management/7.1.1.8
- version/ibm maximo asset management/7.1.1.9
- version/ibm maximo asset management/7.1.1.10
- version/ibm maximo asset management/7.1.1.11
- version/ibm maximo asset management/7.1.1.12
- version/ibm maximo asset management/7.1.1.13
- version/ibm maximo asset management/7.1.2
- version/ibm maximo asset management/7.5.0.0
- version/ibm maximo asset management/7.5.0.1
- version/ibm maximo asset management/7.5.0.2
- version/ibm maximo asset management/7.5.0.3
- version/ibm maximo asset management/7.5.0.4
- version/ibm maximo asset management/7.5.0.5
- version/ibm maximo asset management/7.5.0.6
- version/ibm maximo asset management/7.5.0.10
- canonical/ibm maximo asset management essentials
- version/ibm maximo asset management essentials/7.1
- version/ibm maximo asset management essentials/7.5.0.0
- canonical/ibm maximo for government
- version/ibm maximo for government/7.1
- version/ibm maximo for government/7.5.0.0
- canonical/ibm maximo for life sciences
- version/ibm maximo for life sciences/7.1
- version/ibm maximo for life sciences/7.5.0.0
- canonical/ibm maximo for nuclear power
- version/ibm maximo for nuclear power/7.1
- version/ibm maximo for nuclear power/7.5.0.0
- canonical/ibm maximo for oil and gas
- version/ibm maximo for oil and gas/7.1
- version/ibm maximo for oil and gas/7.5.0.0
- canonical/ibm maximo for transportation
- version/ibm maximo for transportation/7.1
- version/ibm maximo for transportation/7.5.0.0
- canonical/ibm maximo for utilities
- version/ibm maximo for utilities/7.1
- version/ibm maximo for utilities/7.5.0.0
- canonical/ibm control desk
- version/ibm control desk/7.5.0.1
- version/ibm control desk/7.5.0.2
- version/ibm control desk/7.5.0.3
- version/ibm control desk/7.5.0.5
- version/ibm control desk/7.5.1.0
- version/ibm control desk/7.5.1.1
- canonical/ibm tivoli it asset management for it
- version/ibm tivoli it asset management for it/7.1
- version/ibm tivoli it asset management for it/7.2
- canonical/ibm tivoli service request manager
- version/ibm tivoli service request manager/7.1
- version/ibm tivoli service request manager/7.2