Information Disclosure Vulnerability in IBM Maximo Asset Management
CVE-2021-38924

5.3MEDIUM

Key Information:

Vendor: IBM
Status: Maximo Asset Management
Vendor: CVE Published:; 14 September 2022

Summary

IBM Maximo Asset Management versions 7.6.1.1 and 7.6.1.2 are susceptible to an information disclosure vulnerability that may allow remote attackers to expose sensitive data. This risk occurs when technical error messages are returned to the end-user in the browser, potentially providing attackers with insights that could facilitate subsequent attacks against the system. Users are encouraged to review their error handling processes to mitigate this risk.

Affected Version(s)

Maximo Asset Management 7.6.1.1

Maximo Asset Management 7.6.1.2

References

https://www.ibm.com/support/pages/node/6620059

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/210163

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 14, 2022
Vulnerability Reserved
Aug 16, 2021