CVE-2014-0849

IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging membership in two security groups.

Published: May 26, 2014
Updated: Nov 9, 2025
CVE: CVE-2014-0849
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6
AV:N/AC:M/Au:S/C:P/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
ibm / maximo_asset_management	7.1.1.5	7.1.1.5.x
ibm / maximo_asset_management	7.1.1.7	7.1.1.7.x
ibm / maximo_asset_management	7.1.1.10	7.1.1.10.x
ibm / maximo_asset_management	7.1.1.8	7.1.1.8.x
ibm / maximo_asset_management	7.1.1.12	7.1.1.12.x
ibm / maximo_asset_management	7.1.1.9	7.1.1.9.x
ibm / maximo_asset_management	7.1.1.2	7.1.1.2.x
ibm / maximo_asset_management	7.1.1.11	7.1.1.11.x
ibm / maximo_asset_management	7.1	7.1.x
ibm / maximo_asset_management	7.1.1.6	7.1.1.6.x
ibm / maximo_asset_management	7.1.2	7.1.2.x
ibm / maximo_asset_management	7.1.1	7.1.1.x
ibm / maximo_asset_management	7.1.1.1	7.1.1.1.x
ibm / smartcloud_control_desk	7.5.1.0	7.5.1.0.x
ibm / smartcloud_control_desk	7.5	7.5.x
ibm / smartcloud_control_desk	7.0	7.0.x
ibm / smartcloud_control_desk	7.5.0.3	7.5.0.3.x
ibm / smartcloud_control_desk	7.5.0.1	7.5.0.1.x
ibm / smartcloud_control_desk	7.5.0.0	7.5.0.0.x
ibm / smartcloud_control_desk	7.5.1.1	7.5.1.1.x
ibm / smartcloud_control_desk	7.5.0.2	7.5.0.2.x
ibm / maximo_asset_management	7.5.0.1	7.5.0.1.x
ibm / maximo_asset_management	7.5.0.2	7.5.0.2.x
ibm / maximo_asset_management	7.5.0.0	7.5.0.0.x
ibm / maximo_asset_management	7.5.0.3	7.5.0.3.x

Vulnerability Database

318,638

CVE-2014-0849

Deep Security Visibility Without the Complexity