Privilege Escalation via Multiple Security Group Membership in IBM Maximo Asset Management and SmartCloud Control Desk

Privilege Escalation via Multiple Security Group Membership in IBM Maximo Asset Management and SmartCloud Control Desk

CVE-2014-0849 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging membership in two security groups.

Learn more about our Cloud Audit.