Metric | Value |
---|---|
CVSS3 | 7.3 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | LOW |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
EPSS | 0.006 Low |
EPSS Percentile | 79.4% |
There is a vulnerability in JSZip used by IBM Maximo Manage application in IBM Maximo Application Suite.
CVEID: CVE-2022-48285
**DESCRIPTION:** JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames when files are loaded with loadAsync, which makes the library vulnerable to a Zip Slip attack. By extracting files from a specially crafted archive, an attacker could gain access to parts of the file system outside of the target folder, overwrite the executable files and execute arbitrary commands on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244499 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
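A pre-extraction check for the Zip Slip condition described above, as an added example (not IBM's or JSZip's code): it validates archive entry names before any of them is joined to the target folder. The function names and the sample entry names are assumptions constructed for illustration.

```javascript
// Returns the entry's normalized relative path, or null when the name
// would resolve outside the extraction root.
function sanitizeEntryName(entryName) {
  if (typeof entryName !== "string" || entryName.length === 0) return null;
  if (entryName.includes("\0")) return null;          // embedded NUL byte
  // Treat backslashes as separators so "..\\x" is caught on every platform.
  const unified = entryName.replace(/\\/g, "/");
  if (unified.startsWith("/")) return null;           // absolute or UNC-style path
  if (/^[A-Za-z]:/.test(unified)) return null;        // Windows drive prefix
  const kept = [];
  for (const segment of unified.split("/")) {
    if (segment === "" || segment === ".") continue;  // "a//b", "./a"
    if (segment === "..") {
      if (kept.length === 0) return null;             // climbs above the root
      kept.pop();
      continue;
    }
    kept.push(segment);
  }
  return kept.length > 0 ? kept.join("/") : null;
}

// Splits a list of entry names into normalized safe paths and rejected names.
function partitionEntries(entryNames) {
  const safe = [];
  const rejected = [];
  for (const name of entryNames) {
    const clean = sanitizeEntryName(name);
    if (clean === null) rejected.push(name);
    else safe.push(clean);
  }
  return { safe, rejected };
}

// Constructed sample: names as a caller might read them from a loaded archive.
const sampleNames = [
  "docs/readme.txt",
  "./img//logo.png",
  "a/../b.txt",
  "../../etc/cron.d/job",
  "..\\..\\Windows\\system.ini",
  "/etc/passwd",
  "C:\\temp\\x.dll",
  "reports/../../outside.txt",
];
console.log(partitionEntries(sampleNames));
```

Join only the returned relative path to the target folder, and treat any rejected name as a reason to refuse the whole archive.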
Affected Product(s) | Version(s) |
---|---|
IBM Maximo Application Suite - Manage Component | MAS 8.8.0 - Manage 8.4.0 |
IBM Maximo Application Suite - Manage Component | MAS 8.9.0 - Manage 8.5.0 |
For IBM Maximo Manage application in IBM Maximo Application Suite:
MAS | Manage Patch Fix or Release |
---|---|
Upgrade to MAS 8.8.10 | Upgrade to Manage 8.4.10 or latest (available from the Catalog under Update Available) |
Upgrade to MAS 8.9.6 | Upgrade to Manage 8.5.6 or latest (available from the Catalog under Update Available) |
None
CPE | Name | Operator | Version |
---|---|---|---|
 | ibm maximo application suite | eq | 8.8.0 |
 | ibm maximo application suite | eq | 8.9.0 |