CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N
Vendors Products
Ibm
  • Maximo Industry Solutions
  • Maximo Asset Management Essentials
  • Smartcloud Control Desk
  • Maximo Asset Management

Configuration 1 [-]

OR cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.6:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.3:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.6:*:*:*:*:*:*:*
References
Link Resource
http://secunia.com/advisories/59570
http://www-01.ibm.com/support/docview.wss?uid=swg21678798 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/93065
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2014-07-29T20:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2014-04-29T00:00:00

Link: CVE-2014-3026

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2014-07-29T20:55:08.100

Modified: 2017-08-29T01:34:36.013

Link: CVE-2014-3026

JSON object: View

cve-icon Redhat Information

No data.

CWE