Vulnerability Details : CVE-2013-5465
IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type.
Exploit prediction scoring system (EPSS) score for CVE-2013-5465
Probability of exploitation activity in the next 30 days: 0.21%
Percentile, the proportion of vulnerabilities that are scored at or less: ~58%
CVSS scores for CVE-2013-5465
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST |
CWE ids for CVE-2013-5465
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-5465
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV46511
  IBM notice: The page you requested cannot be displayed
- http://www-01.ibm.com/support/docview.wss?uid=swg21670870
  IBM Security Bulletin: Security Vulnerabilities Addressed in Asset and Service Mgmt (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/88364
  IBM Maximo Asset Management file upload CVE-2013-5465 Vulnerability Report
Products affected by CVE-2013-5465
- cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_service_desk:7.1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_service_desk:7.1.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_service_desk:7.1.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.12:*:*:*:*:*:*:*