IBM Maximo Asset Management information disclosure
CVE-2023-32334

5.3MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
5 June 2023

Summary

IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255074.

Affected Version(s)

Maximo Application Suite 8.8.0

Maximo Asset Management 7.6.1.2, 7.6.1.3

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.