CVE-2014-3024

Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk allows remote authenticated users to hijack the authentication of arbitrary users.

Published: Aug 29, 2014
Updated: Nov 9, 2025
CVE: CVE-2014-3024
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6
AV:N/AC:M/Au:S/C:P/I:P/A:P

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
ibm / smartcloud_control_desk	7.5.1.0	7.5.1.0.x
ibm / smartcloud_control_desk	7.5.0.3	7.5.0.3.x
ibm / smartcloud_control_desk	7.5.0.1	7.5.0.1.x
ibm / smartcloud_control_desk	7.5.0.0	7.5.0.0.x
ibm / smartcloud_control_desk	7.5.1.1	7.5.1.1.x
ibm / smartcloud_control_desk	7.5.1.2	7.5.1.2.x
ibm / smartcloud_control_desk	7.5.0.2	7.5.0.2.x
ibm / maximo_asset_management	7.1.1.5	7.1.1.5.x
ibm / maximo_asset_management	7.1.1.7	7.1.1.7.x
ibm / maximo_asset_management	7.1.1.10	7.1.1.10.x
ibm / maximo_asset_management	7.1.1.8	7.1.1.8.x
ibm / maximo_asset_management	7.1.1.12	7.1.1.12.x
ibm / maximo_asset_management	7.1.1.9	7.1.1.9.x
ibm / maximo_asset_management	7.1.1.2	7.1.1.2.x
ibm / maximo_asset_management	7.1.1.11	7.1.1.11.x
ibm / maximo_asset_management	7.1	7.1.x
ibm / maximo_asset_management	7.1.1.6	7.1.1.6.x
ibm / maximo_asset_management	7.1.2	7.1.2.x
ibm / maximo_asset_management	7.1.1	7.1.1.x
ibm / maximo_asset_management	7.1.1.1	7.1.1.1.x
ibm / maximo_asset_management	7.5.0.5	7.5.0.5.x
ibm / maximo_asset_management	7.5.0.4	7.5.0.4.x
ibm / maximo_asset_management	7.5.0.1	7.5.0.1.x
ibm / maximo_asset_management	7.5.0.2	7.5.0.2.x
ibm / maximo_asset_management	7.5.0.0	7.5.0.0.x
ibm / maximo_asset_management	7.5.0.3	7.5.0.3.x
ibm / maximo_asset_management	7.5.0.6	7.5.0.6.x

Vulnerability Database

318,638

CVE-2014-3024

Deep Security Visibility Without the Complexity