IBM23F6FDF6D97D0D624D70EA76EB225ED17377D1C6D724778411A77D4E5C2ABD0FSecurity Bulletin: IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to sensitive information disclosure (CVE-2023-32335)
3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
5.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.5%
Summary
IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to sensitive information disclosure.
Vulnerability Details
CVEID:CVE-2023-32335
**DESCRIPTION:**IBM Maximo Asset Management stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/255075 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Maximo Application Suite - Manage Component | MAS 8.10.0 - Manage 8.6.0 |
Remediation/Fixes
For IBM Maximo Manage application in IBM Maximo Application Suite:
| MAS | Manage Patch Fix or Release |
|---|---|
| Upgrade to MAS 8.10.10 |
Upgrade to Manage 8.6.10 or latest (available from the Catalog under Update Available)
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm maximo application suite | eq | 8.10 | |
| ibm maximo application suite | eq | 8.11 |
Related
3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
5.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.5%