IBM Maximo Asset Management improper access control
CVE-2023-32333

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Maximo Asset Management
Vendor: CVE Published:; 2 February 2024

Summary

IBM Maximo Asset Management version 7.6.1.3 has a vulnerability that permits unauthorized remote access to the admin panel due to improper access controls. This flaw can be exploited by an attacker to gain elevated privileges, which may lead to potential data compromises and unauthorized system modifications. Organizations utilizing this version of IBM Maximo Asset Management should prioritize evaluation and remediation of this vulnerability to safeguard their assets and sensitive information.

Affected Version(s)

Maximo Asset Management 7.6.1.3

References

https://www.ibm.com/support/pages/node/7112388

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/255073

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 2, 2024
Vulnerability Reserved
May 8, 2023

Collectors

NVD DatabaseMitre Database