5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
5.1%
IBM Maximo Application Suite uses RESTEasypackage which is vulnerable to CVE-2023-0482.
CVEID:CVE-2023-0482
**DESCRIPTION:**RESTEasy could allow a local authenticated attacker to gain elevated privileges on the system, caused by the creation of insecure temp files in the File.createTempFile() used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/246304 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Maximo Application Suite | 8.9 |
IBM Maximo Application Suite | 8.10 |
Affected Product(s) | Version(s) |
---|---|
IBM Maximo Application Suite | 8.9.7 or the latest (available from the Catalog under Update Available) |
IBM Maximo Application Suite | 8.10.2 or the latest (available from the Catalog under Update Available) |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm maximo application suite | eq | 8.9 | |
ibm maximo application suite | eq | 8.10 |
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
5.1%