IBM Maximo Asset Management information disclosure
CVE-2023-32334

5.3MEDIUM

Key Information:

Vendor: IBM
Status: Maximo Asset Management; Maximo Application Suite
Vendor: CVE Published:; 5 June 2023

🔔 Create IBM Vulnerability Alert

What is CVE-2023-32334?

IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255074.

Affected Version(s)

Maximo Application Suite 8.8.0

Maximo Asset Management 7.6.1.2, 7.6.1.3

References

https://www.ibm.com/support/pages/node/6999721

vendor-advisory

https://www.ibm.com/support/pages/node/6999747

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/255074

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 5, 2023
Vulnerability Reserved
May 8, 2023

.

CVE-2023-32334 : IBM Maximo Asset Management information disclosure