Information Disclosure in IBM Maximo Application Suite
CVE-2022-43923

6.2MEDIUM

Key Information:

Vendor: IBM
Status: Maximo Application Suite
Vendor: CVE Published:; 24 February 2023

Summary

IBM Maximo Application Suite versions 8.8.0 and 8.9.0 are vulnerable due to improper handling of sensitive information. This flaw allows local users to read potentially sensitive data stored within the application, posing a risk of unauthorized access. To mitigate this issue, it's crucial for organizations to apply patches and adhere to best practices in securing access rights to sensitive data.

Affected Version(s)

Maximo Application Suite 8.8.0, 8.9.0

References

https://www.ibm.com/support/pages/node/6957654

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/241584

vdb-entry

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 24, 2023
Vulnerability Reserved
Oct 26, 2022